Executive Summary

Title Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
Name cisco-sa-20160810-iosxr First vendor Publication 2016-08-10
Vendor Cisco Last vendor Modification 2016-08-10
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plane protocols and lead to a denial of service condition (DoS) on a targeted system.

The vulnerability is due to improper handling of crafted, fragmented packets that are directed to an affected device. An attacker could exploit this vulnerability by sending crafted, fragmented packets to an affected device for processing and reassembly. A successful exploit could allow the attacker to cause a memory leak on the RP of the device, which could cause the device to drop all control-plane protocols and eventually lead to a DoS condition on the targeted system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. However, there are mitigations for this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-iosxr

BEGIN PGP SIGNATURE Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXq0sPAAoJEK89gD3EAJB5liEP/Rv+55HMKOM4QC32IbekVhxI Nc4STIpJo6t9aKJWCBdR7swlZdl/ofoShSsPQFgfW8Vjm/NoOIqpXPf6O3P0dlY3 tWgA2jyvYyV1rlpxAir398i/pTCF4e/7DhI+67ZNy8QsP4Qr2BR3XMzZSW3bn9ol LJL2FxveLkz2V01QjrM6HgstmpxUGmrbQvd2dxXexOVXZObdvHm+nHeGHGXCS77c Ercxh4uFwrenWe+h9oSr5y+txo8YZzogCfQNQjOuuF+8/4FYr5v40OjulBYNb4sp 7M8JRxmfI4ost/uVbODtyPvp7LBR1AmXt4z/anuq4iWrKSOT5XbiQF83TpCpeR86 IE/hWSCony2cz2Ku9yw0bc38Z28t1PR5zrm/ARU/BWyldJBTn1ww71IU295/FwJt b5Bfxt2HwJgwkRaGQJa0hKt9nfs8sEzi12DtCdHUO1r9VqsXedTNqRLgUPtTrTNA lQ4j5UVGvplzfn2ArrndRkbtDotRssvb0IyQ1YlgVo4u2Wl5WllvUgVOzb5lQIcn DNvcj4WU/SL+09JLsOcwzPqyt7Mf7TqAuz0aK4cONTCcff5jgAC2K++cAk8KpZBl MM3v4bgWMn/3SjyjjwmhF9pA8jxYCcfrWSXuh0MXnf5q+U82G6mpqmTrzegaAHON XAvWYG9thoADLmFBWIwd =hP4Y END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

CPE : Common Platform Enumeration

Os 14

Nessus® Vulnerability Scanner

Date Description
2016-08-19 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20160810-iosxr.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2016-08-23 17:26:01
  • Multiple Updates
2016-08-23 09:26:24
  • Multiple Updates
2016-08-20 13:26:23
  • Multiple Updates
2016-08-10 21:23:48
  • First insertion