Cisco IOS XR
cpe:2.3:h:cisco:ios_xr:*:*:*:*:*:*:*, +3 more
- <= 7.8
- 7.9
- 7.10
A denial-of-service vulnerability has been identified in Cisco IOS XR Software running on ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers. The issue arises in the IPv4 access control list (ACL) and quality of service (QoS) policy features. The vulnerability allows an unauthenticated, remote attacker to cause a line card to reset, disrupting network traffic and causing a temporary loss of service. This issue primarily affects Layer 2 VPN environments with applied IPv4 ACLs or QoS policies, but can also impact Layer 3 configurations.
Exploitation of this vulnerability leads to a reset or shutdown of the affected line card's network process, causing a loss of traffic until the line card reloads.
The vulnerability can be reproduced by applying an IPv4 ACL or QoS policy to a Layer 2, Layer 3, or bridge virtual interface on a vulnerable Cisco router. Once the policy is applied, sending crafted IPv4 packets through the affected interface will trigger the vulnerability, causing the line card to reset.
Cisco has released software updates that address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. Customers without service contracts should contact the Cisco Technical Assistance Center (TAC) for assistance.