CVE-2015-4203

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2SCH

Description The issue is caused by a race condition in the Performance Routing Engine (PRE) module when NetFlow and an MPLS IPv6 VPN are configured. This allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly. The vulnerability is related to errors in synchronization when using a shared resource.

Recommendations For Cisco IOS version 12.2SCH, consider disabling the NetFlow and MPLS IPv6 VPN configurations temporarily to minimize the risk of exploitation. Restrict access to the PRE module to prevent remote attackers from sending malformed packets. At the moment, there is no information about a newer version that contains a fix for this vulnerability.