Cisco Bug: CSCuo91149 - MPLS packet via BVI interface may cause NP reset on Enhanced Ethernet LC

Last Modified

Aug 01, 2019

Products (7)

  • Cisco ASR 9000 Series Aggregation Services Routers
  • Cisco ASR 9922 Router
  • Cisco IOS XR Software
  • Cisco ASR 9010 Router
  • Cisco ASR 9006 Router
  • Cisco ASR 9001 Router
  • Cisco ASR 9912 Router

Known Affected Releases

4.3.4.MPLS

Description (partial)

Symptoms:
A vulnerability in the parsing of crafted MPLS packets in Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a Network Processor (NP) chip and a line card processing traffic.

The vulnerability is due to insufficient logic in parsing MPLS packets. An attacker could exploit this vulnerability by sending a stream of crafted MPLS packets to be routed by a BVI interface on the affected device. An exploit could allow the attacker to cause a lockup and eventual reload of an NP chip and a line card, leading to a denial of service (DoS) condition.


Conditions:

Only Typhoon-based line cards on Cisco ASR 9000 Series Aggregation Services Routers are affected by this vulnerability.

  • L3 output interface is a bridged virtual interface (BVI).
  • L2 output interface (access circuit of the bridge domain) is on a Typhoon line card.

In the MPLS VPN scenario: routers are not exposed if the MPLS label allocation is per VRF. Per-VRF allocation is the only supported model with BVI, i.e. MPLS VPN customers are exposed only if they run an unsupported configuration. The restriction is documented on CCO.
In the MPLS VPN scenario: routers are exposed if labels are allocated for prefixes learned via BVI. MPLS LDP does not need to be enabled on BVI.