PT-2016-6863 · Cisco · Cisco IOS XE +1
Published 2016-09-28 · Updated 2017-07-30
CVE-2016-6382
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Cisco IOS versions 15.2 through 15.6
Cisco IOS XE versions 3.6 through 3.17 and 16.1
Description
Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The issues are in the IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM). An attacker who can send traffic to the IPv4 address of a device could exploit the vulnerability by sending the affected device a packet designed to trigger the issue. A successful exploit could cause the affected device to restart.
Recommendations
For Cisco IOS versions 15.2 through 15.6, update to a fixed software version.
For Cisco IOS XE versions 3.6 through 3.17 and 16.1, update to a fixed software version.
As a temporary workaround, consider restricting access to the multicast subsystem to minimize the risk of exploitation.
At the moment, there is no information about other workarounds that address these vulnerabilities.
Fix
DoS
Affected Products
Cisco IOS
Cisco IOS XE