CVE-2016-1351

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.1 through 15.2 Cisco NX-OS versions 4.1 through 6.2

Description The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS and NX-OS allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet. The vulnerability is due to a lack of proper input validation when a malformed LISP packet header is received. An attacker could exploit this vulnerability by sending a malformed LISP packet on UDP port 4341, allowing the attacker to cause a denial of service (DoS) condition.

Recommendations For Cisco IOS versions 15.1 through 15.2, update to a newer version that addresses this vulnerability. For Cisco NX-OS versions 4.1 through 6.2, update to a newer version that addresses this vulnerability. As a temporary workaround, consider restricting access to UDP port 4341 to minimize the risk of exploitation.