CVE-2015-6429

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.4 through 15.6 Cisco IOS XE versions 3.15 through 3.17

Description The issue is related to the IKEv1 state machine in Cisco IOS and Cisco IOS XE Software, which allows an unauthenticated, remote attacker to tear down valid IPsec connections. This is due to insufficient condition checks in the IKEv1 state machine. An attacker could exploit this by sending a spoofed, specific IKEv1 packet to an endpoint of an IPsec tunnel, resulting in a partial denial of service (DoS) condition.

Recommendations For Cisco IOS versions 15.4 through 15.6, update to a version that addresses this vulnerability. For Cisco IOS XE versions 3.15 through 3.17, update to a version that addresses this vulnerability. As a temporary workaround, consider restricting access to IPsec tunnels to minimize the risk of exploitation.