A vulnerability in the TACACS protocol implementation of the Cisco Aggregation Services Router (ASR) 5000 and ASR 5500 (ASR5K) System Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition because the vpnmgr process restarts.
 
The vulnerability is due to improper input validation of the TACACS packet header. An attacker could exploit this vulnerability by sending a crafted TACACS packet to the device. An exploit could allow the attacker to cause a partial DoS condition because the vpnmgr process could restart when parsing the crafted TACACS packet.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-asr

Leave a Reply