CVE-2014-3356

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.1 through 15.3 Cisco IOS XE versions 3.3.xXO before 3.3.1XO Cisco IOS XE versions 3.6.xS before 3.7.6S is not accurate, it should be versions 3.6.xS and 3.7.xS before 3.7.6S Corrected to: Cisco IOS XE versions 3.6.xS and 3.7.xS before 3.7.6S Cisco IOS XE versions 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S

Description The metadata flow feature in Cisco IOS Software allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets. This is due to improper handling of transit RSVP packets that need to be processed by the metadata infrastructure. An attacker could exploit this by sending malformed RSVP packets to an affected device, potentially causing an extended denial of service (DoS) condition.

Recommendations For Cisco IOS versions 15.1 through 15.3, update to a version outside of this range. For Cisco IOS XE versions 3.3.xXO before 3.3.1XO, update to version 3.3.1XO or later. For Cisco IOS XE versions 3.6.xS and 3.7.xS before 3.7.6S, update to version 3.7.6S or later. For Cisco IOS XE versions 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S, update to version 3.10.1S or later.