CVE-2013-1164

Name of the Vulnerable Software and Affected Versions Cisco IOS XE versions 3.4 through 3.4.4S Cisco IOS XE version 3.5 Cisco IOS XE version 3.6

Description The issue is related to the improper implementation of the Cisco Multicast Leaf Recycle Elimination (MLRE) feature in Cisco IOS XE, allowing remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets. Successful exploitation could trigger a reload of the Embedded Services Processors (ESP) card or the Route Processor (RP) card, causing an interruption of services. Repeated exploitation could result in a sustained denial of service condition.

Recommendations For Cisco IOS XE version 3.4, update to version 3.4.4S or later. For Cisco IOS XE version 3.5, update to a fixed version. For Cisco IOS XE version 3.6, update to a fixed version. As a temporary workaround, consider restricting access to IPv6 multicast traffic to minimize the risk of exploitation.