Published: 23/06/2015 Updated: 29/12/2016
CVSS v2 Base Score: 5.7 | Impact Score: 6.9 | Exploitability Score: 5.5
VMScore: 507
Vector: AV:A/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote malicious users to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959.

Vendor Advisories

A vulnerability in flow control processing of Cisco IOS XR Software for Cisco ASR 9000 Series Routers could allow an unauthenticated, adjacent attacker to cause a Network Processing Unit (NPU) chip reset and potentially a reload of the affected line card The vulnerability is due to improper processing of crafted IEEE 8023x flow control pause f ...