PT-2013-1009 · Cisco · Cisco IOS

Published: 2013-09-25 · Updated: 2013-10-07 · CVE-2013-5474

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IOS versions 12.2 through 12.4
Cisco IOS versions 15.0 through 15.3

Description

The issue is caused by a race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation, which allows a remote attacker to cause a denial of service (device reload or hang) via fragmented IPv6 packets. An attacker could exploit this by sending a crafted stream of valid IPv6 fragments, potentially resulting in a sustained denial of service condition.

Recommendations

For Cisco IOS versions 12.2 through 12.4 and 15.0 through 15.3, update to a fixed version to address the vulnerability. As a temporary workaround, consider restricting access to the VFR feature for IPv6 until a patch is available.

Fix

DoS

Race Condition


Weakness Enumeration

Related Identifiers

BDU:2014-00043
CVE-2013-5474

Affected Products

Cisco IOS