Cisco IOS XR 4.3.4 up to and including 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote malicious users to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957.

Vulnerable Product |
---|
cisco ios xr 4.3.0 |
cisco ios xr 4.3.1 |
cisco ios xr 4.3.2 |
cisco ios xr 4.3.3 |
cisco ios xr 5.1.0 |
cisco ios xr 5.1.1 |
cisco ios xr 5.1.2 |
cisco ios xr 5.2.0 |
cisco ios xr 5.2.1 |

Patches cooked for five versions of Cisco's IOS

Remote attackers can send some Cisco routers into a continuous denial of service funk by rebooting network processor chips with a crafted attack. The high-severity hole (CVE-2015-0695) affects the IOS XR software in Cisco ASR 9000 Series Aggregation Services routers running Typhoon-based cards, the second generation of line cards. The Borg says exploitation could cause "a lockup and eventual reload of a network processor chip and a line card that is processing traffic, leading to a denial of ser...