CVE-2014-3262

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.3(3)S and earlier Cisco IOS XE (affected versions not specified)

Description The Locator/ID Separation Protocol (LISP) implementation does not properly validate parameters in ITR control messages, allowing remote attackers to cause a denial of service via malformed messages. This vulnerability is due to insufficient checking of certain parameters in LISP control messages on the Ingress Tunnel Router (ITR). An attacker could exploit this vulnerability by sending malformed LISP control messages to the ITR, causing a vulnerable device to disable Cisco Express Forwarding and eventually drop traffic passing through. To exploit this vulnerability, an attacker may need access to trusted, internal networks to send malformed LISP control messages to a targeted device.

Recommendations For Cisco IOS versions 15.3(3)S and earlier, update to a fixed software version. For Cisco IOS XE, update to a fixed software version. As a temporary workaround, consider restricting access to the Ingress Tunnel Router (ITR) to minimize the risk of exploitation.