Guest

Preview Tool

Cisco Bug: CSCuq95241 - IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability

Last Modified

Sep 17, 2019

Products (19)

  • Cisco Network Convergence System 6000 Series Routers
  • Cisco CRS-X 8-Slot Single-Shelf System
  • Cisco CRS-1 Line Card Chassis (Dual)
  • Cisco CRS-1 16-Slot Line Card Chassis
  • Cisco CRS-X Multishelf System
  • Cisco CRS-1 Line Card Chassis (Multi)
  • Cisco NCS 6008 - 8-Slot Chassis
  • Cisco CRS-3 Multishelf System
  • Cisco IOS XR Software
  • Cisco CRS-1 4-Slot Single-Shelf System
View all products in Bug Search Tool Login Required

Known Affected Releases

5.2.1.BASE

Description (partial)

<b>Symptom:</b>
A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System (CRS-X) could allow an unauthenticated, remote attacker to cause a reload of a line card that is processing traffic.

The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. An attacker could exploit this vulnerability by sending a malformed IPv6 packet, carrying extension headers, through an affected Cisco IOS XR device line card. An exploit could allow the attacker to cause a reload of the line card on the affected Cisco IOS XR device.

Cisco has released free software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6

<b>Conditions:</b>
Refer to the published Cisco Security Advisory
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.