Cisco Catalyst 6500 Series switches and Cisco 7600 Series Internet routers contain a vulnerability in the Crypto feature set that could allow an attacker to create a denial of service condition.
A malformed Internet Key Exchange (IKE) packet may cause the affected products to reload. Only devices running Cisco IOS Software with Crypto support are affected. This vulnerability exists only in the modified IKE code, which was incorporated in the 12.2SXA, 12.2SXB, 12.2SX and 12.2SY Cisco IOS Software release trains.
Upgrade to a fixed version of IOS.
Customers who do not require IPSec functionality on their devices can use the command no crypto isakmp enable in configuration mode to disable processing of IPSec.
As a possible mitigation, access lists could be applied on the affected IOS platforms to limit the source IP addresses that are permitted to establish IPSec sessions to the device.
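The following sketch shows the access-list mitigation described above. It is an added example, not configuration from the advisory, and the ACL name, peer addresses, device address, and interface are constructed placeholders.

```cisco
! Constructed example values (assumptions, replace with your own):
!   192.0.2.10, 192.0.2.20  - known IPSec peers
!   198.51.100.1            - address on the affected device that terminates IPSec
!   GigabitEthernet1/1      - interface on which peer traffic arrives
ip access-list extended IKE-PEERS-ONLY
 remark Allow IKE (UDP 500) only from known IPSec peers
 permit udp host 192.0.2.10 host 198.51.100.1 eq isakmp
 permit udp host 192.0.2.20 host 198.51.100.1 eq isakmp
 remark Drop IKE addressed to the device from every other source
 deny   udp any host 198.51.100.1 eq isakmp
 remark Leave all other traffic unaffected
 permit ip any any
!
interface GigabitEthernet1/1
 ip access-group IKE-PEERS-ONLY in
```

Repeat the permit and deny entries for every address on the device that can receive IKE. Because IKE runs over UDP, source addresses can be spoofed, so the access list narrows exposure but is not a substitute for upgrading to a fixed release.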