Cisco Bug: CSCvh98051 - pbr_ea crash after http redirect
Oct 23, 2019
- Cisco ASR 9000 Series Aggregation Services Routers
Known Affected Releases
Symptoms: A vulnerability in the Policy Based Routing (PBR) feature of Cisco IOS XR Software for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an authenticated, adjacent attacker to restart an internal process and cause a denial of service condition. The vulnerability is due to improper size validation when handling TCP packets. An attacker could exploit this vulnerability by sending crafted TCP packets to an affected system. An exploit could allow the attacker to force an internal process to restart, forbidding new Broadband Network Gateway (BNG) subscribers from accessing the network. Conditions: HTTP Redirect enabled. ASR 9000 configured as BNG router.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases