A vulnerability in authentication header packets processing on the Cisco ISM module for ISR G2 could allow an authenticated, remote attacker to cause a reload of the affected module.
The vulnerability is due to improper processing of malformed authentication header packets. An attacker could exploit this vulnerability by sending a stream of malformed authentication header packets over an established IPsec security association. An exploit could allow the attacker to cause a reload of the affected module, resulting in a denial of service (DoS) condition for IPsec traffic.
Cisco has confirmed the vulnerability in a security notice and software updates are available.
To exploit this vulnerability, the attacker must authenticate to a targeted system to send malformed authentication header packets. This access requirement limits the possibility of a successful exploit.
Customers are advised to review the bug reports in the "Vendor Announcements" section for a current list of affected versions.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.