You are here

U-180: Cisco IOS XR Packet Processing Flaw

May 31, 2012 - 7:00am

Addthis

PROBLEM:

A vulnerability was reported in Cisco IOS XR.

PLATFORM:

Version(s): XR 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, and 4.2.0

ABSTRACT:

A remote user can cause denial of service conditions.

Reference Links:

Security Tracker ID 1027104
CVE-2012-2488
Vendor Advisory

IMPACT ASSESSMENT:

High

Discussion:

A remote user can send a specially crafted packet to the target device to cause the route processor to be unable to transmit route processor-based protocol packets to the fabric.
IP traffic transiting the device cannot trigger the flaw.
Cisco IOS XR is affected on the Cisco 9000 Series Aggregation Services Routers (ASR) Route Switch Processor (RSP440) and the Cisco Carrier Routing System (CRS) Performance Route Processor (PRP).
Cisco has assigned Cisco Bug IDs CSCty94537 (ASR 9000) and CSCtz62593 (CRS) to this vulnerability.

Impact:

A remote user can cause the route processor to be unable to transmit packets.

Solution:

A patch is available at Cisco.com.

Addthis