Vulnerability in the Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers

A weakness in the Cisco IOS XR Software Input Packet Processing Feature for Cisco ASR 9000 Series Aggregation Services Routers may allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

According to its self-reported version, IOS-XR is affected by a denial of service (DoS) vulnerability in the ingress packet processing function due to improper resource allocation when processing network traffic in software switching mode (punted). An unauthenticated, remote attacker can exploit this, by sending specific streams of Layer 2 or Layer 3 protocol data units (PDUs) to an affected device, to cause a DoS condition on the device.

To restore functionality, the system will need to be restarted. Software updates have been released by Cisco that fix this vulnerability. No workarounds are available that fix this vulnerability.

AFFECTED SYSTEMS

IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers.

WHAT’S THE PROBLEM?

A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

WHAT HAPPENED?

Cisco has released a high-security advisory to address a vulnerability in the IOS XR Software for ASR 9000 Series Aggregation Services Routers.

Cisco has stated that the following Cisco products are not impacted by this vulnerability:

  • IOS Software
  • IOS XE Software
  • IOS XRv 9000 Router
  • NX-OS Software

Plugin Details

Severity: Medium
ID: 142890
File Name: cisco-sa-xr-cp-dos-ej8VB9QY-iosxr.nasl
Version: 1.3
Type: local
Family: CISCO
Published: 13-11-2020
Updated: 13-11-2020
Dependencies: 133723, 71430

Risk Information

Risk Factor: Medium
VPR Score: 4.4
CVSS Score Source: CVE-2020-26070

CVSS v2.0
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3.0
Base Score: 8.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
