CVE-2014-3268

Name of the Vulnerable Software and Affected Versions Cisco IOS version 15.2(4)M4

Description A vulnerability in handling Real-Time Control Protocol (RTCP) traffic could allow an unauthenticated, remote attacker to cause traffic that is destined to an affected device and traffic that needs to be processed switched to fail. The issue is due to exhaustion of the interface input queue by the RTCP traffic. An attacker could exploit this by sending RTCP packets in a specific sequence, potentially causing traffic to fail. To exploit this, an attacker may need access to trusted, internal networks where the targeted device resides.

Recommendations For Cisco IOS version 15.2(4)M4, update to a newer version that includes the fix for this issue, as confirmed by Cisco in their security notice. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.