#VU301 Memory leak in Cisco IOS XR
Vulnerability identifier: #VU301
Vulnerability risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco IOS XR
Operating systems & Components /
Operating system
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to cause a denial of service attack.
The vulnerability exists due to an error in driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers. A remote unauthenticated attacker can send specially crafted fragmented IPv4 or IPv6 packets to unicast address of vulnerable device and cause memory leak on the route processor (RP).The packets can be send to arbitrary address of the affected device.
Successful exploitation of this vulnerability will result in denial of service of the vulnerable device.
Mitigation
This vulnerability is fixed in Cisco IOS XR Software Release 5.3.3 for Cisco ASR 9001 Aggregation Services Routers.
This vulnerability has also been corrected in the following Software Maintenance Updates (SMUs) for Cisco IOS XR Software:
- asr9k-px-5.3.2.CSCux26791.pie for Releases 5.3.x
- asr9k-px-5.2.4.CSCux26791.pie for Releases 5.2.x
- asr9k-px-5.1.3.CSCux26791.pie for Releases 5.1.x
Vulnerable software versions
Cisco IOS XR: 5.1.0 - 5.3.2
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-iosxr
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
