CVE-2016-6473

Name of the Vulnerable Software and Affected Versions Cisco IOS versions prior to 12.2(50)SE4 Cisco IOS versions prior to 12.2(50)SE5 Cisco IOS versions prior to 12.2(50)SQ5 Cisco IOS versions prior to 12.2(50)SQ6 Cisco IOS versions prior to 12.2(50)SQ7 Cisco IOS versions prior to 12.2(52)EY4 Cisco IOS versions prior to 12.2(52)SE1 Cisco IOS versions prior to 12.2(53)EX Cisco IOS versions prior to 12.2(53)SE Cisco IOS versions prior to 12.2(53)SE1 Cisco IOS versions prior to 12.2(53)SE2 Cisco IOS versions prior to 12.2(53)SG10 Cisco IOS versions prior to 12.2(53)SG11 Cisco IOS versions prior to 12.2(53)SG2 Cisco IOS versions prior to 12.2(53)SG9 Cisco IOS versions prior to 12.2(54)SG1 Cisco IOS versions prior to 12.2(55)EX3 Cisco IOS versions prior to 12.2(55)SE Cisco IOS versions prior to 12.2(55)SE1 Cisco IOS versions prior to 12.2(55)SE10 Cisco IOS versions prior to 12.2(55)SE2 Cisco IOS versions prior to 12.2(55)SE3 Cisco IOS versions prior to 12.2(55)SE4 Cisco IOS versions prior to 12.2(55)SE5 Cisco IOS versions prior to 12.2(55)SE6 Cisco IOS versions prior to 12.2(55)SE7 Cisco IOS versions prior to 12.2(55)SE8 Cisco IOS versions prior to 12.2(55)SE9 Cisco IOS versions prior to 12.2(58)EZ Cisco IOS versions prior to 12.2(58)SE1 Cisco IOS versions prior to 12.2(58)SE2 Cisco IOS versions prior to 12.2(60)EZ Cisco IOS versions prior to 12.2(60)EZ1 Cisco IOS versions prior to 12.2(60)EZ2 Cisco IOS versions prior to 12.2(60)EZ3 Cisco IOS versions prior to 12.2(60)EZ4 Cisco IOS versions prior to 12.2(60)EZ5 Cisco IOS versions prior to 12.2(60)EZ6 Cisco IOS versions prior to 12.2(60)EZ7 Cisco IOS versions prior to 12.2(60)EZ8 Cisco IOS versions prior to 15.0(1)EY2 Cisco IOS versions prior to 15.0(1)SE Cisco IOS versions prior to 15.0(1)SE2 Cisco IOS versions prior to 15.0(1)SE3 Cisco IOS versions prior to 15.0(2)EA Cisco IOS versions prior to 15.0(2)EB Cisco IOS versions prior to 15.0(2)EC Cisco IOS versions prior to 15.0(2)ED Cisco IOS versions prior to 15.0(2)EH Cisco IOS versions prior to 15.0(2)EJ Cisco IOS versions prior to 15.0(2)EJ1 Cisco IOS versions prior to 15.0(2)EK1 Cisco IOS versions prior to 15.0(2)EX Cisco IOS versions prior to 15.0(2)EX1 Cisco IOS versions prior to 15.0(2)EX3 Cisco IOS versions prior to 15.0(2)EX4 Cisco IOS versions prior to 15.0(2)EX5 Cisco IOS versions prior to 15.0(2)EY Cisco IOS versions prior to 15.0(2)EY1 Cisco IOS versions prior to 15.0(2)EY2 Cisco IOS versions prior to 15.0(2)EZ Cisco IOS versions prior to 15.0(2)SE Cisco IOS versions prior to 15.0(2)SE1 Cisco IOS versions prior to 15.0(2)SE2 Cisco IOS versions prior to 15.0(2)SE3 Cisco IOS versions prior to 15.0(2)SE4 Cisco IOS versions prior to 15.0(2)SE5 Cisco IOS versions prior to 15.0(2)SE6 Cisco IOS versions prior to 15.0(2)SE7 Cisco IOS versions prior to 15.0(2)SE9 Cisco IOS versions prior to 15.0(2)SG10 Cisco IOS versions prior to 15.0(2)SG3 Cisco IOS versions prior to 15.0(2)SG6 Cisco IOS versions prior to 15.0(2)SG7 Cisco IOS versions prior to 15.0(2)SG8 Cisco IOS versions prior to 15.0(2)SG9 Cisco IOS versions prior to 15.0(2a)EX5 Cisco IOS versions prior to 15.1(2)SG Cisco IOS versions prior to 15.1(2)SG1 Cisco IOS versions prior to 15.1(2)SG2 Cisco IOS versions prior to 15.1(2)SG3 Cisco IOS versions prior to 15.1(2)SG4 Cisco IOS versions prior to 15.1(2)SG5 Cisco IOS versions prior to 15.1(2)SG6 Cisco IOS version 15.2(3)E

Description A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. The vulnerability occurs because the software forwards Layer 2 frames that should be consumed by the first hop. An attacker could exploit this vulnerability by injecting the Layer 2 frame into the network segment. An exploit could allow the attacker to cause a Layer 2 network storm and impact the availability of the switches.

Recommendations Update to a fixed version of Cisco IOS to resolve the issue for each affected version. As a temporary workaround, consider implementing workarounds that address this vulnerability until a patch is available. Restrict access to the network segment to minimize the risk of exploitation.