Denial of service in Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers

1) Memory leak

EUVDB-ID: #VU301

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-6355

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service attack.

The vulnerability exists due to an error in driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers. A remote unauthenticated attacker can send specially crafted fragmented IPv4 or IPv6 packets to unicast address of vulnerable device and cause memory leak on the route processor (RP).The packets can be send to arbitrary address of the affected device.

Successful exploitation of this vulnerability will result in denial of service of the vulnerable device.

Mitigation

This vulnerability is fixed in Cisco IOS XR Software Release 5.3.3 for Cisco ASR 9001 Aggregation Services Routers.

This vulnerability has also been corrected in the following Software Maintenance Updates (SMUs) for Cisco IOS XR Software:

• asr9k-px-5.3.2.CSCux26791.pie for Releases 5.3.x
• asr9k-px-5.2.4.CSCux26791.pie for Releases 5.2.x
• asr9k-px-5.1.3.CSCux26791.pie for Releases 5.1.x

Vulnerable software versions

Cisco IOS XR: 5.1.0 - 5.3.2

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-iosxr

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.