A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for
Cisco CRS-3 Carrier Routing System could allow an unauthenticated,
remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the
line
card processing an IPv6 packet.

The vulnerability is due
to incorrect processing of an IPv6 packet carrying IPv6 extension
headers that are valid but unlikely to be seen during normal operation. An attacker
could exploit
this vulnerability by sending such an IPv6 packet to an
affected device that is configured to process IPv6 traffic. An exploit
could allow the attacker to cause a reload of the line card, resulting
in a DoS condition.

Cisco has released free software updates that address this vulnerability. There is no workaround that mitigates this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150611-iosxr

Leave a Reply