Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.105687
Category:CISCO
Title:Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability
Summary:A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for;Cisco CRS-3 Carrier Routing System could allow an unauthenticated,;remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the;line;card processing an IPv6 packet.;;The vulnerability is due;to incorrect processing of an IPv6 packet carrying IPv6 extension;headers that are valid but unlikely to be seen during normal operation. An attacker;could exploit;this vulnerability by sending such an IPv6 packet to an;affected device that is configured to process IPv6 traffic. An exploit;could allow the attacker to cause a reload of the line card, resulting;in a DoS condition.;;Cisco has confirmed the vulnerability in a security advisory and released software updates.;;;To exploit this vulnerability, an attacker may need to acquire additional information about the targeted device, such as whether the device has specific line cards installed and configured to process IPv6 traffic in addition to running an affected release of Cisco IOS XR Software. An attacker cannot exploit this vulnerability if these conditions are not met.;;A successful exploit of this vulnerability could cause a widespread availability impact to systems that rely on an affected device for traffic forwarding.;;Cisco indicates through the CVSS score that functional exploit code exists. However, the code is not known to be publicly available.
Description:Summary:
A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for
Cisco CRS-3 Carrier Routing System could allow an unauthenticated,
remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the
line
card processing an IPv6 packet.

The vulnerability is due
to incorrect processing of an IPv6 packet carrying IPv6 extension
headers that are valid but unlikely to be seen during normal operation. An attacker
could exploit
this vulnerability by sending such an IPv6 packet to an
affected device that is configured to process IPv6 traffic. An exploit
could allow the attacker to cause a reload of the line card, resulting
in a DoS condition.

Cisco has confirmed the vulnerability in a security advisory and released software updates.


To exploit this vulnerability, an attacker may need to acquire additional information about the targeted device, such as whether the device has specific line cards installed and configured to process IPv6 traffic in addition to running an affected release of Cisco IOS XR Software. An attacker cannot exploit this vulnerability if these conditions are not met.

A successful exploit of this vulnerability could cause a widespread availability impact to systems that rely on an affected device for traffic forwarding.

Cisco indicates through the CVSS score that functional exploit code exists. However, the code is not known to be publicly available.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-0769
Cisco Security Advisory: 20150611 Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150611-iosxr
http://www.securitytracker.com/id/1032563
CopyrightThis script is Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.