Cisco IOS XR Software Denial-of-Service Vulnerability in Release 7.9.2

A denial-of-service vulnerability has been identified in Cisco IOS XR Software Release 7.9.2. This issue arises from the improper handling of certain packets that are punted from a line card to a route processor. An unauthenticated, adjacent attacker could exploit this vulnerability by sending traffic that the Linux stack on the route processor must manage, disrupting control plane operations on affected devices. This vulnerability impacts multiple Cisco IOS XR platforms.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by disrupting control plane traffic on affected devices.

Reproduction

The vulnerability can be reproduced by sending specific types of traffic from an adjacent device that targets the Linux stack on the route processor of a device running Cisco IOS XR Release 7.9.2. This can be done by exploiting the incorrect handling of punted packets, which can be facilitated through manipulation of BGP AS-paths using features like AS-override and BGP confederations, leading to an infinite loop that eventually crashes the BGP process.

Remediation

Cisco has released software updates that address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. For platforms or releases not covered by a service contract, contact the Cisco Technical Assistance Center (TAC) for assistance.