Denial of Service Vulnerability in Cisco IOS XR on ASR 9000 Devices
CVE-2014-3321

Currently unrated

Key Information:

Vendor: Cisco
Status: Ios Xr; Asr 9000 Rsp440 Router; Asr 9001; Asr 9006
Vendor: CVE Published:; 18 July 2014

Summary

A vulnerability exists in Cisco IOS XR 4.3.4 and earlier versions operating on ASR 9000 devices. When the bridge-group virtual interface (BVI) routing is enabled, it allows remote attackers to exploit the system by sending a series of specially crafted MPLS packets. This can lead to significant interruptions, causing hardware components such as chips and cards to hang, resulting in a denial of service. Organizations utilizing these devices should ensure they implement the necessary updates and security measures to mitigate potential exploitation.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1030597

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jul 18, 2014
Vulnerability Reserved
May 7, 2014