CVE-2015-4293

Name of the Vulnerable Software and Affected Versions Cisco IOS XE versions 3.13S and earlier

Description The issue is related to the packet-reassembly implementation, which allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented IPv4 or IPv6 packets. This is due to an error message triggered when a fragmented packet cannot be properly reassembled, leading to ATTN-3-SYNC TIMEOUT errors. An attacker could exploit this by sending a series of IPv4 or IPv6 fragments designed to trigger the error message, potentially consuming CPU resources and causing a temporary halt of queued processes, which may result in dropped transit traffic.

Recommendations For Cisco IOS XE versions 3.13S and earlier, update to a newer version that includes the fix for this issue, as confirmed by Cisco. As a temporary workaround, consider restricting access to the device from untrusted networks to minimize the risk of exploitation.