Cisco IOS, IOS XE, and IOS XR Software TWAMP Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS and IOS XE Software. This vulnerability allows an unauthenticated, remote attacker to cause the affected device to reload, leading to a DoS condition. In Cisco IOS XR Software, the vulnerability can cause the ipsla_ippm_server process to reload unexpectedly, but only if debugs are enabled. The issue arises from out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending these crafted packets to an affected device.

Impact

Exploitation of this vulnerability causes the affected device to reload, resulting in a denial-of-service condition. In Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled.

Remediation

Cisco has released free software updates that address this vulnerability. Customers with service contracts should obtain these security fixes through their usual update channels. For information on which Cisco software releases are vulnerable, consult the 'Fixed Software' section of the advisory.
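Until the fixed release is deployed, the practical control is to know which hosts can reach the TWAMP server at all. The following is an added example, not part of the advisory or of any Cisco tooling: a Python triage script that scans flow records for TWAMP-Control connections (TCP port 862, per RFC 5357) from hosts outside an allowlist of the measurement probes you operate. The flow records, the allowlist and the CSV field names are constructed assumptions.

```python
"""Triage TWAMP-Control exposure from flow records.

TWAMP-Control sessions (RFC 5357) run over TCP port 862, so a host that is
not one of your own measurement probes has no legitimate reason to reach
that port on a router running the TWAMP server. Flag such connections.
"""
import csv
import io
from collections import Counter

TWAMP_CONTROL_PORT = 862  # TCP, per RFC 5357 (shared with OWAMP-Control)

# Constructed sample flow export (CSV); not real traffic.
SAMPLE_FLOWS = """\
ts,src_ip,dst_ip,proto,dst_port,packets
2025-06-05T23:10:01Z,10.0.5.10,10.0.0.1,6,862,12
2025-06-05T23:10:04Z,198.51.100.77,10.0.0.1,6,862,3
2025-06-05T23:10:05Z,198.51.100.77,10.0.0.2,6,862,3
2025-06-05T23:10:09Z,10.0.5.11,10.0.0.2,6,862,15
2025-06-05T23:10:12Z,203.0.113.9,10.0.0.1,6,22,40
2025-06-05T23:10:13Z,198.51.100.77,10.0.0.3,6,862,2
"""


def parse_flows(text):
    """Parse CSV flow records into dicts with integer proto/port/packet fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["proto"] = int(row["proto"])
        row["dst_port"] = int(row["dst_port"])
        row["packets"] = int(row["packets"])
        rows.append(row)
    return rows


def unexpected_twamp_control(flows, allowed_clients):
    """Return flows reaching TCP/862 from sources outside the probe allowlist,
    plus a per-source count so one host sweeping several routers stands out."""
    hits = [f for f in flows
            if f["proto"] == 6 and f["dst_port"] == TWAMP_CONTROL_PORT
            and f["src_ip"] not in allowed_clients]
    per_source = Counter(f["src_ip"] for f in hits)
    return hits, per_source


if __name__ == "__main__":
    # Assumed allowlist: the two probes that are supposed to open TWAMP sessions.
    flows = parse_flows(SAMPLE_FLOWS)
    hits, per_source = unexpected_twamp_control(flows, {"10.0.5.10", "10.0.5.11"})
    for src, n in per_source.most_common():
        targets = sorted({f["dst_ip"] for f in hits if f["src_ip"] == src})
        print(f"{src}: {n} TWAMP-Control connections to {', '.join(targets)}")
```

Any source the script reports is a candidate for an access-list review on the routers it touched; on IOS XR devices, also confirm whether TWAMP debugs are left enabled, since the advisory ties the process reload to that condition.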

Added: Jun 5, 2025, 11:38 PM
Updated: Jun 6, 2025, 12:13 AM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 2.5
exploitability: 7.8
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.