PT-2014-5169 · Cisco · Cisco Switches+1
Published: 2014-05-20 · Updated: 2016-09-07
CVE-2014-3273
CVSS v2.0: 6.1 (Medium)
Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Cisco IOS (affected versions not specified)
Cisco switches (affected versions not specified)
Description
The Link Layer Discovery Protocol (LLDP) implementation handles malformed LLDP packets incorrectly, which allows remote attackers to cause a denial of service (device reload). An attacker could exploit this by sending a malformed LLDP packet to a switch that has LLDP enabled. To send the packets, the attacker needs access to the same collision or broadcast domain as the targeted device.
Recommendations
For Cisco IOS, update to a version that includes the fix for Bug ID CSCum96282.
For Cisco switches, apply the software updates released by Cisco to address the vulnerability in Link Layer Discovery Protocol (LLDP).
As a temporary workaround, consider disabling LLDP on affected devices until a patch is available.
Fix
DoS
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Cisco IOS
Cisco Switches