CVE-2015-6272

Name of the Vulnerable Software and Affected Versions Cisco IOS XE versions 2.1.0 through 2.2.3 Cisco IOS XE version 2.3.0

Description The issue is related to resource management errors in the Cisco IOS operating system. It can be exploited by a remote attacker using a specially crafted H.323 packet, potentially causing a denial of service. This can lead to the crash of the Embedded Services Processor when the NAT Application Layer Gateway is in use.

Recommendations For Cisco IOS XE versions 2.1.0 through 2.2.3, consider disabling the NAT Application Layer Gateway as a temporary workaround to minimize the risk of exploitation. For Cisco IOS XE version 2.3.0, restrict access to the H.323 protocol to reduce the likelihood of a denial of service attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.