CVE-2016-1349

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2, 15.0, and 15.2 Cisco IOS XE versions 3.2 through 3.7

Description The vulnerability is due to incorrect handling of image list parameters in the Smart Install client feature, allowing an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786, potentially causing a Cisco Catalyst switch to reload.

Recommendations For Cisco IOS versions 12.2, 15.0, and 15.2, update to a version that includes the fix for this issue. For Cisco IOS XE versions 3.2 through 3.7, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling Smart Install functionality on the vulnerable device until a patch is available.