PT-2016-6862 · Cisco · Cisco IOS XE +1

Published: 2016-09-28 · Updated: 2020-09-29 · CVE-2016-6381

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco IOS versions 12.4 and 15.0 through 15.6
Cisco IOS XE versions 3.1 through 3.18 and 16.1

Description

A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of crafted, fragmented IKEv1 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. This vulnerability can be triggered by IPv4 and IPv6 traffic.

Recommendations

For Cisco IOS versions 12.4 and 15.0 through 15.6, update to a fixed software version. For Cisco IOS XE versions 3.1 through 3.18 and 16.1, update to a fixed software version. As a temporary workaround, consider restricting access to the affected system to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2016-6381

Affected Products

Cisco IOS
Cisco IOS XE