Cisco said on Thursday it has patched a denial of service vulnerability in its IOS XR software used in carrier-grade routers.
The vulnerability, Cisco said, resides in the IPv6 processing code used by IOS XR in the Cisco CRS-3 Carrier Routing System. The bug is remotely exploitable and is due to incorrect processing of legitimate IPv6 packets carrying valid IPv6 extension headers. Cisco said that while the headers are valid, they’re unlikely to be seen in “normal operation.”
“An attacker could exploit this vulnerability by sending such an IPv6 packet to an affected device that is configured to process IPv6 traffic,” Cisco said in its advisory. “An exploit could allow the attacker to cause a reload of the line card, resulting in a DoS condition.”
Cisco said that a software update is available, and added there are no workarounds. The advisory adds that the vulnerability was found internally and Cisco is not aware of public exploits.
The vulnerability affects Cisco IOS XR Releases 4.0.1, 4.0.2, 4.0.3 and 4.0.4; Cisco IOS XR Releases 4.1.0, 4.1.1 and 4.1.2; and Cisco IOS XR Release 4.2.0. It is patched in the following software maintenance updates: hfr-px-4.1.0.CSCtx03546.pie for release 4.1.0; hfr-px-4.1.1.CSCtx03546.pie for release 4.1.1; hfr-px-4.1.2.CSCtx03546.pie for release 4.1.2; and hfr-px-4.2.0.CSCtx03546.pie for release 4.2.0.
Cisco said carriers and other customers already running Cisco IOS XR releases 4.2.1 and later are unaffected, since the software already contains the fix.
Cisco urges affected customers to patch immediately, since the vulnerability can be exploited repeatedly, causing extended downtime on the device. The bug, Cisco said, can be triggered by IPv6 transit traffic or by traffic sent to the device.
Cisco generally sends IOS patches on a semiannual basis, in March and September. The bulk of the March advisories addressed denial of service vulnerabilities in the networking operating system.
Cisco said the most severe issue involves multiple vulnerabilities in the Cisco IOS and IOS XE Autonomic Networking Infrastructure, a feature that is vulnerable to remote attack leading to router or switch crashes or to a hacker remotely gaining control of the affected device.