PT-2014-5251 · Ietf+1 · Dhcpv6+2

Published 2014-09-24 · Updated 2017-08-29 · CVE-2014-3359

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IOS versions 15.1 through 15.4
Cisco IOS XE versions 3.4.xS through 3.7.xS before 3.7.6S
Cisco IOS XE versions 3.8.xS through 3.10.xS before 3.10.1S
Cisco IOS XE versions 3.11.xS before 3.12S

Description

A memory leak in the DHCP version 6 (DHCPv6) server implementation allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed DHCPv6 packets. The vulnerability is due to improper parsing of malformed DHCPv6 packets. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to be processed by an affected device, causing a memory leak and eventual reload of the device.

Recommendations

For Cisco IOS versions 15.1 through 15.4, update to a fixed version to address the vulnerability.
For Cisco IOS XE versions 3.4.xS through 3.7.xS, update to version 3.7.6S or later to address the vulnerability.
For Cisco IOS XE versions 3.8.xS through 3.10.xS, update to version 3.10.1S or later to address the vulnerability.
For Cisco IOS XE versions 3.11.xS, update to version 3.12S or later to address the vulnerability.

As a temporary workaround, consider restricting access to the DHCPv6 server implementation to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2014-3359

Affected Products

Cisco IOS
Cisco IOS XE
DHCPv6