CVE-2009-2872

Name of the Vulnerable Software and Affected Versions: Cisco IOS versions 12.0 through 12.4

Description: The issue allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from one tunnel to a second tunnel when IP-based tunnels and the Cisco Express Forwarding feature are enabled. Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Recommendations: For Cisco IOS versions 12.0 through 12.4, update to a version that includes the software updates released by Cisco to address this issue. As a temporary workaround, consider disabling the IP-based tunnels and the Cisco Express Forwarding feature until a patch is available.