CVE-2014-2183

Name of the Vulnerable Software and Affected Versions Cisco IOS XE versions 3.10S(.2) and earlier

Description A vulnerability in the Layer 2 Tunneling Protocol (L2TP) module allows remote authenticated users to cause a denial of service via a malformed L2TP packet. The vulnerability occurs during the processing of such a packet, and an attacker could exploit it by sending malformed packets over an established L2TP session, potentially causing a reload of the affected ESP card. To exploit this issue, an attacker must first authenticate to the targeted device.

Recommendations For Cisco IOS XE versions 3.10S(.2) and earlier, update to a newer version that includes the fix for this issue, as indicated by Cisco's security notice.