CVE-2016-6423

Name of the Vulnerable Software and Affected Versions Cisco IOS version 15.5(3)M Cisco IOS XE (affected versions not specified)

Description A vulnerability in the Internet Key Exchange version 2 (IKEv2) code could allow an unauthenticated, remote attacker to cause a reload of the affected device. The issue is due to improper handling of crafted IKEv2 packets and applies only to IKEv2 devices acting as clients or IKEv2 initiators. An attacker could exploit this by sending crafted packets to the affected devices, but would need to force the device to connect to a rogue IKEv2 server under its control.

Recommendations For Cisco IOS version 15.5(3)M, update to a version that includes the fix for this issue. For Cisco IOS XE, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to IKEv2 servers to minimize the risk of exploitation.