Denial of Service Vulnerability in Cisco IOS XR on ASR 9000 Devices
CVE-2014-3322

Currently unrated

Key Information:

Vendor: Cisco
Status: Ios Xr; Asr 9000 Rsp440 Router; Asr 9001; Asr 9006
Vendor: CVE Published:; 24 July 2014

Summary

The Cisco IOS XR software, specifically in versions 4.3(.2) and earlier, has a security flaw that compromises the NetFlow sampling mechanism. Attackers can exploit this vulnerability through malformed IPv4 or IPv6 packets, potentially causing severe disruptions, including chip and card hangs. This issue emphasizes the need for robust network security management to prevent unauthorized access and maintain service integrity.

References

http://secunia.com/advisories/60311

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id/1030623

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Jul 24, 2014
Vulnerability Reserved
May 7, 2014