Cisco IOS XR
cpe:2.3:h:cisco:ios_xr:*:*:*:*:*:*:*
- <= 7.11
- <= 24.1
- <= 24.3
- <= 24.4
- <= 25.1
- <= 25.2
A denial-of-service vulnerability has been identified in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software. It allows an unauthenticated, adjacent attacker to trigger a broadcast storm, causing a DoS condition on the affected device. The vulnerability arises from the way Cisco IOS XR processes high volumes of ARP traffic on the management interface. An attacker could exploit this by sending excessive traffic, overwhelming the device's ARP processing capabilities. The result is degraded performance, loss of management connectivity, and complete unresponsiveness, leading to a DoS condition.
Exploitation of this vulnerability causes the device to drop packets from an internal queue associated with the ARP process, leading to congestion and unresponsiveness. The device generates continuous log entries reporting these packet drops, which are further evidence of the denial-of-service condition.
Cisco has released free software updates to address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. Customers without service contracts should contact the Cisco Technical Assistance Center (TAC) for assistance. Consult the Cisco IOS XR Software Security Advisory Bundled Publication for specific upgrade instructions.