Vulnerability in the Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers
A weakness in the Cisco IOS XR Software Input Packet Processing Feature for Cisco ASR 9000 Series Aggregation Services Routers may allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
According to its self-reported version, IOS-XR is affected by a denial of service (DoS) vulnerability in the ingress packet processing function due to improper resource allocation when processing network traffic in software switching mode (punted). An unauthenticated, remote attacker can exploit this, by sending specific streams of Layer 2 or Layer 3 protocol data units (PDUs) to an affected device, to cause a DoS condition on the device.
To restore functionality, the system will need to be restarted. Software updates have been released by Cisco that fix this vulnerability. No workarounds are available that fix this vulnerability.
AFFECTED SYSTEMS
IOS XR Software for Cisco ASR 9000 Series Aggregation Services Router.
WHAT’S THE PROBLEM?
A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
WHAT HAPPENED?
Cisco has released a high-security advisory to address a vulnerability in the IOS XR Software for ASR 9000 Series Aggregation Services Routers.
Cisco has stated that the following Cisco products are not impacted by this vulnerability:
- IOS Software
- IOS XE Software
- IOS XRv 9000 Router
- NX-OS Software
| Plugin Details | |
| Severity | Medium |
| ID | 142890 |
| File Name | cisco-sa-xr-cp-dos-ej8VB9QY-iosxr.nasl |
| Version | 1.3 |
| Type | local |
| Family | CISCO |
| Published | 13-11-2020 |
| Updated | 13-11-2020 |
| Dependencies | 133723, 71430 |
| Risk Information | |
| Risk Factor | Medium |
| VPR Score | 4.4 |
| CVSS Score Source | CVE-2020-26070 |
| CVSS v2.0 | |
| Base Score | 5 |
| Vector: | CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P |
| CVSS v3.0 | |
| Base Score: 8.6 | 8.6 |
| Vector: | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
