PT-2016-6868 · Cisco · Cisco IOS, Cisco IOS XE

Published: 2016-09-28 · Updated: 2017-11-08 · CVE-2016-6392

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IOS versions 12.2 and 15.0 through 15.3
Cisco IOS XE versions 3.1 through 3.9

Description

Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM). An attacker who can send traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to trigger the issue to the affected device. A successful exploit could cause the affected device to restart.

Recommendations

For Cisco IOS versions 12.2 and 15.0 through 15.3, update to a newer version that addresses these vulnerabilities. For Cisco IOS XE versions 3.1 through 3.9, update to a newer version that addresses these vulnerabilities. As a temporary workaround, consider restricting access to the MSDP and PIM protocols to minimize the risk of exploitation. At the moment, there is no information about other workarounds that address these vulnerabilities.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2016-6392

Affected Products

Cisco IOS
Cisco IOS XE