Cisco IOS for Catalyst 2960X and 3750X Switches Denial of Service Vulnerability

A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial denial of service (DoS) condition.

The vulnerability is due to improper processing of IPv6 Neighbor Discovery (ND) packets. An attacker could exploit this vulnerability by sending a number of IPv6 ND packets to be processed by an affected device. An exploit could allow the attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial DoS service condition.

Workarounds that address this vulnerability are available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-catalyst [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-catalyst”]