CVE-2016-1409

Name of the Vulnerable Software and Affected Versions Cisco IOS XE versions 2.1 through 3.17S Cisco IOS XR versions 2.0.0 through 5.3.2 Cisco NX-OS (affected versions not specified)

Description The vulnerability is due to insufficient processing logic for crafted IPv6 packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 Neighbor Discovery (ND) packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to stop processing IPv6 traffic, leading to a denial of service (DoS) condition on the device. This issue has been exploited in the wild.

Recommendations For Cisco IOS XE versions 2.1 through 3.17S, update to a fixed version. For Cisco IOS XR versions 2.0.0 through 5.3.2, update to a fixed version. For Cisco NX-OS, update to a fixed version. As a temporary workaround, consider restricting access to the vulnerable IPv6 packet processing functions until a patch is available. Avoid using crafted IPv6 Neighbor Discovery (ND) packets in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.