Administrators are advised to contact the vendor regarding future updates and releases.
Administrators are advised to allow only trusted users to have network access.
Administrators are advised to use the access-list
command to limit the number of hosts (IP addresses) allowed to connect to the management interface of system.
The Cisco Applied Intelligence team has created the following companion document to guide administrators in identifying and mitigating attempts to exploit this vulnerability prior to applying updated software: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Intrusion Prevention System Software
Prevent disruption of communication between devices by reducing the impact of attacks which may directly impact the CPU performance of the individual devices. For control plane hardening best practices, see the Cisco Guide to Harden Cisco IOS Devices
Understanding activity on the network provides information and visibility that can be used to identify potential security incidents. Organizations should log events from devices and review the logged data to provide insight into anomalies or malicious activity. For logging best practices, see the Cisco Guide to Harden Cisco IOS Devices
It is critical to prevent unauthorized direct communication to network devices. Restrict network traffic destined for the network infrastructure to protect against reconnaissance and denial-of-service (DoS) attacks. For configuration details, see Protecting Your Core: Infrastructure Protection Access Control Lists
Network traffic should be monitored security-related network activity. NetFlow identifies security-related network activity. For NetFlow configuration details, see the Introduction to Cisco IOS NetFlow - A Technical Overview
Administrators are advised to monitor affected systems.