Cisco ASR 903 IOS XE ARP Denial-of-Service Vulnerability on RSP3C

A denial-of-service vulnerability has been identified in the Cisco Express Forwarding functionality of Cisco IOS XE Software running on Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C). This vulnerability allows an unauthenticated, adjacent attacker to disrupt service by sending crafted Address Resolution Protocol (ARP) messages at a high rate over time. The exploitation of this vulnerability exhausts system resources, leading to a reload of the active route switch processor. If no redundant RSP is present, the router reloads, causing a temporary loss of service.

Impact

Exploitation of this vulnerability causes the active route switch processor to reload, disrupting network service. If a redundant RSP is not available, the router experiences a complete reload, further amplifying the service disruption.

Remediation

Cisco has released free software updates that address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. For those without service contracts, contact the Cisco Technical Assistance Center (TAC) for assistance. To determine exposure to this vulnerability, use the Cisco Software Checker tool, available on the Cisco Security Advisories page.