CVE-2017-3803

Name of the Vulnerable Software and Affected Versions Cisco 2960X and 3750X switches versions 15.2(2)E3 through 15.2(4)E1

Description A vulnerability in the Cisco IOS Software forwarding queue could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue, leading to a partial denial of service (DoS) condition. The vulnerability is due to improper processing of IPv6 Neighbor Discovery (ND) packets. An attacker could exploit this vulnerability by sending a number of IPv6 ND packets to be processed by an affected device.

Recommendations For versions 15.2(2)E3, update to version 15.2(2)E6 or later. For version 15.2(4)E1, update to version 15.2(4)E3 or later. As a temporary workaround, consider restricting the processing of IPv6 ND packets to minimize the risk of exploitation.