CVE-2015-0771

Name of the Vulnerable Software and Affected Versions Cisco IOS version 12.2 on Catalyst 6500 devices

Description The issue is related to the IKE implementation in the WS-IPSEC-3 service module, which allows remote authenticated users to cause a denial of service by sending a crafted message during IPsec tunnel setup. This is due to insufficient bounds checks on a specific message during the establishment of an IPsec tunnel. An attacker could exploit this by establishing an IKE session and sending the offending packet during subsequent negotiations, allowing them to cause a denial of service by forcibly reloading the switch. The attacker must authenticate to the targeted device to exploit this issue.

Recommendations For Cisco IOS version 12.2 on Catalyst 6500 devices, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the IKE subsystem or limiting the ability to establish IKE sessions to minimize the risk of exploitation.