IOS XE vulnerability lets attackers force devices to reload

The most recent operating system from Cisco, IOS XE Release 16.1.1, shipped with a vulnerability that can allow hackers to take control of network devices and cause an affected device to reload.

Cisco advised that the “vulnerability is due to incorrect processing of packets having a source MAC address of 0000:0000:0000”. Release 16.1.1 was for the enterprise-class 3650/3850 stackable switches, although the operating system also runs on routers and appliances.

The update shipped early in December. Cisco released software updates to address the vulnerability and also advised that there are no workarounds to mitigate it.

No other Cisco products are known to have been affected by the vulnerability.
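
A defender-side check for the condition Cisco describes, as an added example that is not from Cisco or the original article: it scans a classic pcap capture for Ethernet frames whose source MAC address is all zeros. The sample capture, the non-zero MAC address and the function names are constructed for illustration.

```python
import struct

ZERO_MAC = bytes(6)  # 00:00:00:00:00:00, written 0000:0000:0000 in the advisory

def zero_src_mac_frames(pcap: bytes) -> list:
    """Return 0-based indexes of Ethernet frames whose source MAC is all zeros."""
    # Classic pcap magic 0xa1b2c3d4, stored in the writer's byte order.
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    (linktype,) = struct.unpack(endian + "I", pcap[20:24])
    if linktype != 1:  # LINKTYPE_ETHERNET
        raise ValueError("capture link type is not Ethernet")
    hits, offset, index = [], 24, 0
    while offset + 16 <= len(pcap):
        # Record header: ts_sec, ts_usec, captured length, original length.
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[offset:offset + 16])
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Ethernet header is dst(6) + src(6) + type(2); the source MAC sits at
        # bytes 6..11 whether or not an 802.1Q tag follows. Runts are skipped.
        if len(frame) >= 14 and frame[6:12] == ZERO_MAC:
            hits.append(index)
        index += 1
    return hits

def _build_sample() -> bytes:
    """Constructed capture: four broadcast frames, two with a zero source MAC."""
    normal = bytes.fromhex("020000000001")  # constructed, locally administered
    def frame(src):
        return b"\xff" * 6 + src + b"\x08\x00" + bytes(46)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame(normal), frame(ZERO_MAC), frame(normal), frame(ZERO_MAC)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE_PCAP = _build_sample()

if __name__ == "__main__":
    for i in zero_src_mac_frames(SAMPLE_PCAP):
        print(f"frame {i}: source MAC is 00:00:00:00:00:00")
```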