Cisco Bug: CSCut19959 - Pause-frame injection stuck in IDMA cause Tomahawk NP reset for 10G int

Last Modified

Aug 06, 2018

Products (1)

  • Cisco ASR 9000 Series Aggregation Services Routers

Known Affected Releases

5.3.1.BASE

Description (partial)

Symptoms:
A vulnerability in flow control processing of Cisco IOS XR for Cisco ASR 9000 Series Routers could allow an unauthenticated, adjacent attacker to cause an NP chip reset and potentially a reload of the affected line card.

The vulnerability is due to improper processing of crafted IEEE 802.3x flow control pause frames. An attacker could exploit this vulnerability by sending a number of crafted IEEE 802.3x flow control pause frames to an affected device. An exploit could allow the attacker to cause an NP chip reset and potentially a reload of the affected line card.
 
 
Conditions:
- Cisco ASR9000 with Tomahawk based line card running post 5.3.0 software.
- The Cisco IOS XR device does NOT have to be configured to process IEEE 802.3x flow control frames from an adjacent L2 device. Apart from an Ethernet interface in the enabled state that is reachable by an L2-adjacent neighbor, no configuration is required for this vulnerability to be exploited.
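
Because the affected device need not have flow control configured, pause frames arriving from a segment where none are expected are worth surfacing. The following is an added example, not Cisco code: it recognizes IEEE 802.3x PAUSE frames in raw captured Ethernet frames and reports source MACs that send many of them. The page does not describe what makes a frame "crafted", so this only counts PAUSE frames per source; the threshold, function names and sample frames are assumptions constructed for illustration.

```python
import struct
from collections import Counter

MAC_CONTROL_ETHERTYPE = 0x8808              # IEEE 802.3 MAC Control
PAUSE_OPCODE = 0x0001                       # IEEE 802.3x PAUSE
PAUSE_DST = bytes.fromhex("0180c2000001")   # reserved multicast used for PAUSE


def parse_pause(frame: bytes):
    """Return (src_mac, pause_quanta, dst_is_standard) for a PAUSE frame, else None."""
    if len(frame) < 18:                     # 14-byte header + opcode + pause_time
        return None
    dst, src = frame[0:6], frame[6:12]
    ethertype, opcode, quanta = struct.unpack("!HHH", frame[12:18])
    if ethertype != MAC_CONTROL_ETHERTYPE or opcode != PAUSE_OPCODE:
        return None
    return src.hex(":"), quanta, dst == PAUSE_DST


def pause_sources_over_threshold(frames, threshold):
    """Count PAUSE frames per source MAC; return sources with count >= threshold."""
    counts = Counter()
    for frame in frames:
        parsed = parse_pause(frame)
        if parsed:
            counts[parsed[0]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


def _frame(dst, src, ethertype, payload):
    """Build a constructed sample frame (no FCS), for the demo only."""
    return bytes.fromhex(dst) + bytes.fromhex(src) + struct.pack("!H", ethertype) + payload


# Constructed sample capture: five PAUSE frames from one host, one from another,
# an unrelated ARP-typed frame, and a truncated frame.
SAMPLE_FRAMES = (
    [_frame("0180c2000001", "020000000001", 0x8808,
            struct.pack("!HH", PAUSE_OPCODE, 0xFFFF) + bytes(42))] * 5
    + [_frame("0180c2000001", "020000000002", 0x8808,
              struct.pack("!HH", PAUSE_OPCODE, 0x0010) + bytes(42))]
    + [_frame("ffffffffffff", "020000000003", 0x0806, bytes(46))]
    + [b"\x01\x80\xc2"]
)

if __name__ == "__main__":
    for src, n in pause_sources_over_threshold(SAMPLE_FRAMES, threshold=3).items():
        print(f"{src} sent {n} PAUSE frames")
```
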