Only a specific family of routers was affected

Jun 16, 2015 14:21 GMT  ·  By
Cisco CSR-3 routers could be brought down using a special crafted IPv6 packet
   Cisco CSR-3 routers could be brought down using a special crafted IPv6 packet

In quick Cisco fashion, the company has detected and patched a potential DoS (Denial-of-Service) issue affecting its IOS XR operating system.

The vulnerability is classified as a medium level security threat and is detailed in CVE-2015-0769.

According to the Cisco team that discovered the issue, only CRS-3 Carrier Routing Systems are affected, running the following IOS XR versions: 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, and 4.2.0.

A DoS attack can be triggered by sending special crafted IPv6 packets to the routers, which must also have CRS-MSC-140G, CRS-FP140 or CRS-LSP line cards installed on the chassis, with the line cards configured for IPv6.

The problem resided in the way IPv6 extension headers were being processed

The issue resides in the IPv6 protocol processing code, which can cause the router to reload the line card.

Apparently, there have not been reported any instances where the vulnerability was used, but the bug can be utilized in targeted attacks to repeatedly reload line cards on affected routers, effectively shutting them down for the duration of the attack.

Upgrades were issued for all affected IOS XR instances except 4.0.x, customers of which were advised to upgrade to a more recent version of Cisco's operating system instead.