Cisco IOS XR
cpe:2.3:h:cisco:ios_xr:*:*:*:*:*:*:*
- ~7.9
- ~7.10
- ~7.11
- ~24.1
- ~24.2
- ~24.3
- ~24.4
- ~25.1
A denial-of-service vulnerability has been identified in Cisco IOS XR Software running on Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards, as well as Cisco NCS 5700 Routers and Cisco IOS XR Software for Third Party Software. The issue arises from the improper handling of Egress Packet Network Interface (EPNI) Aligner interrupts, which can lead to packet corruption under certain conditions. When an affected device experiences heavy transit traffic, an unauthenticated, remote attacker can exploit this vulnerability by sending a continuous stream of crafted packets to the device's interface. This exploitation causes the network processing unit (NPU) and application-specific integrated circuit (ASIC) to cease normal processing, resulting in significant, persistent packet loss and disrupting traffic flow on the affected interface.
Exploitation of this vulnerability causes the network processing unit (NPU) and ASIC to stop processing traffic on the affected interface, leading to persistent, heavy packet loss and a denial-of-service condition.
To reproduce this vulnerability, send a continuous flow of crafted packets to an interface on a device running the affected Cisco IOS XR Software version, while the device is experiencing heavy transit traffic. This will trigger the EPNI Aligner interrupt, causing packet corruption and disrupting normal traffic processing on the interface.
Cisco has released software updates to address this vulnerability. For devices running Cisco IOS XR 7.9.2, 7.10.2, 7.11.2, 7.11.21, 24.1.2, 24.2.2, 24.2.21, 24.3.2, 24.4.2 or 25.1.2, the vulnerability can be mitigated by upgrading to the fixed release. Instructions for obtaining the update are available on the Cisco Support and Downloads page.