Cisco has patched a denial-of-service vulnerability in its ASR 1000 line of routers, a bug in the way the routers reassemble fragmented IPv4 and IPv6 packets.
The company said the DoS vulnerability affects all of the ASR 1000 Series Aggregation Services Routers that are running a vulnerable version of the IOS XE software. The ASR 1000 routers are edge routers designed for enterprise and service provider environments.
“A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a crash of the Embedded Services Processor (ESP) processing the packet,” the Cisco advisory says.
“The vulnerability is due to improper processing of crafted, fragmented packets. An attacker could exploit this vulnerability by sending a crafted sequence of fragmented packets. An exploit could allow the attacker to cause a reload of the affected platform.”
Cisco said that the bug can be triggered only by fragmented IPv4 or IPv6 packets that are sent to the device itself, and not by malformed packets that are simply passing through a vulnerable router. The bug affects IOS XE versions 2.1, 2.2, 2.3, 2.4, and 2.5. It is fixed in version 2.5.1, and versions 2.6 and 3.x aren’t vulnerable.
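A fleet-triage check for the version ranges the article gives, added here as an illustration and not taken from Cisco's advisory or tooling: it parses an IOS XE version string and reports whether the device falls in the affected trains (2.1 through 2.5, before the 2.5.1 fix) or is outside them (2.5.1 and later, 2.6, 3.x). The version-string shapes ("2.5", "2.5.1", "3.1.0S"), the inventory hostnames and the assumption that only the leading numeric components matter are all constructed for the example.

```python
"""Classify IOS XE version strings against the affected/fixed ranges the
article states for the ASR 1000 fragment-reassembly DoS.

Added example, not Cisco's code. Assumption: only the leading dotted
numeric components of a version string (e.g. "3.1.0S" -> 3.1.0) matter.
"""
import re
from typing import Dict, Tuple

# Per the article: 2.1, 2.2, 2.3, 2.4 and 2.5 are affected; fixed in 2.5.1;
# 2.6 and 3.x are not vulnerable.
AFFECTED_TRAINS = {(2, 1), (2, 2), (2, 3), (2, 4), (2, 5)}
FIXED_VERSION = (2, 5, 1)


def parse_version(version: str) -> Tuple[int, ...]:
    """Extract the leading dotted numeric components, e.g. '2.5.1S' -> (2, 5, 1)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised IOS XE version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version: str) -> bool:
    """True if the version is in an affected train and predates the 2.5.1 fix.

    A bare "2.5" is treated as 2.5.0 (before the fix); 2.5.1 and later
    2.5.x releases, 2.6 and 3.x all return False.
    """
    v = parse_version(version)
    if len(v) < 2 or v[:2] not in AFFECTED_TRAINS:
        return False
    # Pad to three components so "2.5" compares as 2.5.0 < 2.5.1.
    padded = v + (0,) * (3 - len(v)) if len(v) < 3 else v
    return padded[:3] < FIXED_VERSION


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each hostname to 'affected' or 'not affected' for patch planning."""
    return {
        host: "affected" if is_affected(ver) else "not affected"
        for host, ver in inventory.items()
    }


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "edge-asr-1": "2.5",
        "edge-asr-2": "2.5.1",
        "edge-asr-3": "3.1.0S",
        "edge-asr-4": "2.3.2",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Real IOS XE release naming carries suffixes and rebuild numbers beyond what this parser keeps, so treat the numeric comparison as a first-pass filter and confirm borderline devices against the vendor's own affected-version table.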
There aren’t any workarounds for the vulnerability, but Cisco said it isn’t aware of any public exploits for it.