A vulnerability exists within IOS that allows a remote, unauthenticated attacker to cause a denial of service condition with maliciously crafted ICMP packets. This may cause IPSec tunnels to fail.
Cisco IOS 15.2M and 15.2(4)M; earlier versions may be affected as well.
No Exploit Available
Denial of Service
Remote, unauthenticated attackers can send specially crafted ICMP packets that change the already-configured MTU value of the tunnel interface. This causes IPSec tunnels on the affected system to drop and become unusable.
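Because the symptom is a tunnel MTU that no longer matches what was configured, one way to watch for it is to compare collected interface output against a recorded baseline. The sketch below is an added example, not part of the original advisory or any vendor tooling; the sample text is constructed in the style of IOS `show interfaces` output, and the baseline values and function names are hypothetical.

```python
import re

# Constructed sample in the style of `show interfaces` text for two tunnels.
SAMPLE_OUTPUT = """\
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
  Tunnel transport MTU 1438 bytes
Tunnel1 is up, line protocol is down
  Hardware is Tunnel
  MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
  Tunnel transport MTU 576 bytes
"""

# Hypothetical baseline recorded when the tunnels were provisioned.
BASELINE = {"Tunnel0": 1438, "Tunnel1": 1438}

HEADER = re.compile(r"(Tunnel\d+) is ")
TRANSPORT_MTU = re.compile(r"Tunnel transport MTU (\d+) bytes")


def parse_tunnel_mtus(text):
    """Return {interface name: transport MTU} for each tunnel block."""
    mtus, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)  # interface headers start in column 0
        if header:
            current = header.group(1)
            continue
        value = TRANSPORT_MTU.search(line)
        if value and current:
            mtus[current] = int(value.group(1))
    return mtus


def find_mtu_drift(text, baseline):
    """Return (interface, expected, observed) for every baseline mismatch.

    observed is None when the interface is absent from the collected text.
    """
    observed = parse_tunnel_mtus(text)
    return [
        (name, expected, observed.get(name))
        for name, expected in sorted(baseline.items())
        if observed.get(name) != expected
    ]


if __name__ == "__main__":
    for name, expected, actual in find_mtu_drift(SAMPLE_OUTPUT, BASELINE):
        print(f"{name}: expected MTU {expected}, observed {actual}")
```

A mismatch is a prompt to investigate rather than proof of this issue, since a tunnel's MTU can also change for legitimate reasons.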
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
- 31618 - Cisco IOS Denial of Service Vulnerability (20131122) (Zero-Day)
No mitigations are currently available.