CVE-2015-6278

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 Cisco IOS XE versions 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E Cisco IOS XE versions 3.7E before 3.7.2E Cisco IOS XE versions 3.9S and 3.10S before 3.10.6S Cisco IOS XE versions 3.11S before 3.11.4S Cisco IOS XE versions 3.12S and 3.13S before 3.13.3S Cisco IOS XE versions 3.14S before 3.14.2S

Description The IPv6 snooping functionality in the first-hop security subsystem does not properly implement the Control Plane Protection feature, allowing remote attackers to cause a denial of service via a flood of ND packets. This issue exists due to insufficient input validation, which can be exploited by an unauthenticated, remote attacker to cause an affected device to reload.

Recommendations For Cisco IOS versions 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5, update to a fixed version. For Cisco IOS XE versions 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E, update to version 3.6.3E or later. For Cisco IOS XE versions 3.7E, update to version 3.7.2E or later. For Cisco IOS XE versions 3.9S and 3.10S, update to version 3.10.6S or later. For Cisco IOS XE versions 3.11S, update to version 3.11.4S or later. For Cisco IOS XE versions 3.12S and 3.13S, update to version 3.13.3S or later. For Cisco IOS XE versions 3.14S, update to version 3.14.2S or later.