CVE-2017-3857

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.0 through 12.4 and 15.0 through 15.6 Cisco IOS XE versions 3.1 through 3.18

Description A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function exists due to insufficient validation of L2TP packets. This could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability can be exploited by sending a crafted L2TP packet to an affected device. The L2TP feature is not enabled by default, and the device must be configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint to be affected.

Recommendations For Cisco IOS versions 12.0 through 12.4 and 15.0 through 15.6, update to a fixed version of Cisco IOS. For Cisco IOS XE versions 3.1 through 3.18, update to a fixed version of Cisco IOS XE. As a temporary workaround, consider disabling the L2TP feature until a patch is available. Restrict access to the L2TP parsing function to minimize the risk of exploitation.