CVE-2016-6438

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers versions 15.5(3)S2.9 through 15.6(2)SP Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers versions 3.16S through 3.18.1S

Description A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. The vulnerability is due to a logic processing error that exists if an affected device is configured with the Downstream Resiliency and Downstream Resiliency Bonding Group features. An attacker could exploit this vulnerability by continuously trying to establish Telnet or SSH connections to a targeted device. A successful exploit could allow the attacker to trigger an integrity issue with the vty line configuration.

Recommendations For versions 15.5(3)S2.9 through 15.6(2)SP, update to version 15.6(1.7)SP1 or later. For versions 3.16S through 3.18.1S, update to version 16.4(0.183) or later, or version 16.5(0.1) or later. As a temporary workaround, consider restricting access to Telnet and SSH connections to minimize the risk of exploitation.