PT-2016-1470 · Cisco · Gigabit Switch Router (GSR) 12000

Published: 2016-03-11 · Updated: 2016-12-03 · CVE-2016-1361

CVSS v3.1: 5.3 (Medium)

Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco IOS XR versions through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices
Cisco IOS (affected versions not specified)

Description

The issue is related to improper input validation for the presence of a Bidirectional Forwarding Detection (BFD) header in a UDP packet. This allows remote attackers to cause a denial of service (line-card restart) via a crafted packet. The vulnerability is due to errors in resource management. An attacker could exploit this by sending a crafted UDP packet with a specific UDP port range to the affected device, causing a partial denial of service condition when a line card unexpectedly restarts.

Recommendations

For Cisco IOS XR versions through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices: Update to a fixed software version.

For Cisco IOS: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the UDP ingress receive function to minimize the risk of exploitation. Avoid using the BFD header in UDP packets until the issue is resolved.

DoS

Weakness Enumeration

Related Identifiers

BDU:2016-00771
CVE-2016-1361

Affected Products

Cisco IOS
Cisco IOS XR
Gigabit Switch Router (GSR) 12000