Administrators are advised to patch as soon as possible

Feb 23, 2015 15:00 GMT  ·  By

A vulnerability has been found in two versions of Cisco IOS XR Software running on NCS 6000 and CRS-X routing hardware manufactured by the company, which could lead to a denial-of-service (DoS) condition.

The glitch is remotely exploitable by an unauthenticated threat actor and stems from improper parsing of malformed IPv6 packets that carry extension headers.

DoS condition can be extended through repeated exploitation

IOS XR Software builds prior to 5.3.2 available on NCS 6000 are vulnerable, while in the case of CRS-X (400-Gbps Modular Services Card and 400-Gbps Forwarding Processor Cards) the software versions susceptible to attacks are those earlier than 5.3.0. The condition for a successful attack is for Ipv6 to be enabled.

Cisco says in a security advisory that the vulnerability is triggered only if the IPv6 traffic is processed by the devices. If the traffic is intended for them, then the flaw, identified as CVE-2015-0618, cannot be exploited.

“An exploit could allow the attacker to cause a reload of the line card on the device, resulting in a DoS condition,” says the alert from the company.

Cisco admits that certain intermediate devices could mitigate the risk, but a malformed packet could still be sent from a remote network and terminate the activity of the hardware, a state which could be prolonged by repeated exploitation of the weakness.

Clients with an active contract receive the update via the regular channel

No workarounds are available to reduce or eliminate the danger of an attack, but the company integrated a security patch in the aforementioned versions of IOS XR for the affected products.

With a CVSS (Common Vulnerability Scoring System) base score of 7.1, the weakness is currently not exploited in the wild, according to data collected by Cisco Product Security Incident Response Team (PSIRT).

CVE-2015-0618 was not reported by a third-party; it was discovered through internal testing run by the company.

As general safeguards, administrators are recommended to apply the latest updates delivered through the usual update channels to customers with contracts, and to provide network access only to trusted users. Setting up a strong firewall should improve the security of the affected products.