Cisco Security Advisory: Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----=0D=0AHash: SHA1=0D=0A=0D=0ACis=
co Security Advisory: Cisco IOS and IOS XE Software Layer 2 Tunne=
ling Protocol Denial of Service Vulnerability=0D=0A=0D=0AAdvisory=
 ID: cisco-sa-20170322-l2tp=0D=0A=0D=0ARevision: 1.0=0D=0A=0D=0AF=
or Public Release: 2017 March 22 16:00 GMT=0D=0A=0D=0ALast Update=
d: 2017 March 22 16:00 GMT=0D=0A=0D=0ACVE ID(s): CVE-2017-3857=0D=0A=
=0D=0ACVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I=
:N/A:H=0D=0A=0D=0A+----------------------------------------------=
-----------------------=0D=0A=0D=0ASummary=0D=0A=3D=3D=3D=3D=3D=3D=
=3D=0D=0AA vulnerability in the Layer 2 Tunneling Protocol (L2TP)=
 parsing function of Cisco IOS and Cisco IOS XE Software could al=
low an unauthenticated, remote attacker to cause an affected devi=
ce to reload.=0D=0A=0D=0AThe vulnerability is due to insufficient=
 validation of L2TP packets. An attacker could exploit this vulne=
rability by sending a crafted L2TP packet to an affected device. =
A successful exploit could allow the attacker to cause the affect=
ed device to reload, resulting in a denial of service (DoS) condi=
tion.=0D=0ACisco has released software updates that address this =
vulnerability. There are no workarounds that address this vulnera=
bility.=0D=0A=0D=0AThis advisory is available at the following li=
nk:=0D=0Ahttps://tools.cisco.com/security/center/content/CiscoSec=
urityAdvisory/cisco-sa-20170322-l2tp ["https://tools.cisco.com/se=
curity/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-l2t=
p"]=0D=0A=0D=0AThis advisory is part of the March 22, 2017, relea=
se of the Cisco IOS and IOS XE Software Security Advisory Bundled=
 Publication, which includes five Cisco Security Advisories that =
describe five vulnerabilities. All the vulnerabilities have a Sec=
urity Impact Rating of High. For a complete list of the advisorie=
s and links to them, see Cisco Event Response: March 2017 Semiann=
ual Cisco IOS and IOS XE Software Security Advisory Bundled Publi=
cation ["http://tools.cisco.com/security/center/viewErp.x?alertId=
=3DERP-60851"].=0D=0A=0D=0A-----BEGIN PGP SIGNATURE-----=0D=0A=0D=0A=
iQKBBAEBAgBrBQJY0qKqZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg=0D=0A=
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx=0D=0A=
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmEgxAAshBFiyt/hGUC3/it=0D=0A=
JEYnR1a1Rspaba1kBbMQCgrfPK4hMaZwAykJzkaTSQMSo78SQ3+ddb4tVDk0bSk6=0D=0A=
8+WEKFApGC8K6iZkIrUMl2rCX+0A3km42j/IN6bUysuzj+wmj5CQauEgQ8+mgzBn=0D=0A=
DP5IUyKKaITH83/I2Esin1tsEMcwxVpOUnrjYQVrD4TRLIxp75GsLrF1LnLjPaXk=0D=0A=
PfU8IEk4OlU/CSePErbYo6Kp3C3spzmIOy6znkikHhlRAhzNcBLTuccY/ZmeFARK=0D=0A=
JdaWelXdf94GCWBb1iEi3vON/L/ISgDcR5NfOJ43ocot2oGriEq0+qXpabuWQJxI=0D=0A=
gGZpeITgPPZ8YaY+KK/yymNuag3/lwYn39cgiy7yqVlz54U8dz3Hp9KrB2o3/8+n=0D=0A=
HwyiRBCnZ81iXiy+2oZnosjOpKBnnlnkKhu9l8exxzqpUjRW2aagRzFqIhu7ZTsX=0D=0A=
V/BRMaqlBw1thXZlJGUxIomwocXb8f4OrCLh4G57h6749lPeDb/qH4GMriWLO1g4=0D=0A=
byCaaHuJ9qpkUYnOcpYaPjre2moC+sHaZZeEP13A9dgHBD3Ue21eiSiSRgnvRd5e=0D=0A=
624gJhBHRixDs6n3/ePHJ+jjDYhtBOMjIT7gKueeMocKosLqOrjMUwTPaOajCnoy=0D=0A=
lx3ZL8eV6WFSukbbuVDiimYbaM0=3D=0D=0A=3DLLYg=0D=0A-----END PGP SIG=
NATURE-----=0D=0A