A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System could allow an unauthenticated, remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the line card processing an IPv6 packet. The vulnerability is due to incorrect processing of an IPv6 packet carrying IPv6 extension headers that are valid but unlikely to be seen during normal operation. An attacker could exploit this vulnerability by sending such an IPv6 packet to an affected device that is configured to process IPv6 traffic. An exploit could allow the attacker to cause a reload of the line card, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There is no workaround that mitigates this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150611-iosxr
3) Any previously listed line card is configured to process IPv6 traffic.
Administrators can use the show diag command to determine whether any of the affected line cards are installed on a Cisco CRS-3 Carrier Routing System device. The following output shows a Cisco CRS-3 Carrier Routing System device with a CRS-MSC-140G line card installed:RP/0/RP0/CPU0:router#sh diag Thu Jun 4 14:53:25.229 EDT CARD 0/0/* : Cisco CRS Series Modular Services Card 140G MAIN: board type 500064 800-32942-06 rev B0 dev N/A S/N SAX99999ZZZ PCA: 73-12720-06 rev A0 PID: CRS-MSC-140G VID: V03 CLEI: IPUCAZYBAC ECI: 180032
RP/0/RP0/CPU0:router#sh version Thu Jun 4 14:56:06.484 EDT Cisco IOS XR Software, Version 4.1.2[Default] Copyright (c) 2012 by Cisco Systems, Inc. ROM: System Bootstrap, Version 2.05(20110622:151317) [CRS ROMMON], router uptime is 2 years, 11 weeks, 5 days, 10 hours, 22 minutes System image file is "disk0:hfr-os-mbi-4.1.2.CSCtw71819-1.0.0/0x100008/mbihfr-rp-x86e.vm" cisco CRS-16/S (Intel 686 F6M14S4) processor with 12582912K bytes of memory. Intel 686 F6M14S4 processor at 2130Mhz, Revision 2.174 Cisco CRS Series 16 Slots Line Card Chassis
RP/0/RP0/CPU0:router# show ipv6 interface brief GigabitEthernet0/2/0/0 [Up/Up] fe80::212:daff:fe62:c150 202::1
RP/0/RP0/CPU0:router#sh ipv6 vrf all interface Thu Jun 4 15:12:11.170 EDT
When considering software upgrades, customers are advised to consult the Cisco Security Advisories, Responses, and Alerts archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
The following Cisco IOS XR releases are affected by this vulnerability:
This vulnerability has been corrected in the following Software Maintenance Updates (SMUs):
Please consult the README file associated with each SMU for additional information.
Customers running Cisco IOS XR Releases 4.0.1, 4.0.2, 4.0.3, or 4.0.4 should upgrade to a currently supported release.
Cisco IOS XR Release 4.2.1 and later already include a fix for this vulnerability. No upgrade or SMU installation will be required.
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
This vulnerability was found by Cisco internally.To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Revision 1.0 | 2015-June-11 | Initial public release |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.