CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |
Vector | AV:L/AC:L/Au:S/C:N/I:N/A:C |

EPSS percentile: 5.1%

Cisco IOS XR Software is affected by a denial of service (DoS) vulnerability that could allow an authenticated, local attacker to trigger a reload of the affected device by locally generating certain Internet Control Message Protocol (ICMP) messages.
The vulnerability is due to a combination of Silicon Packet Processor (SPP) buffer corruption and a mutex issue when an extended ping with timeout=0 and a large packet size is terminated with Control-C. An attacker could exploit this vulnerability by sending large ICMP packets from an affected device.
Cisco has confirmed this vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, the attacker would need to authenticate locally to the targeted system. This access requirement decreases the likelihood of a successful exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | ios_xr_software | any | cpe:2.3:o:cisco:ios_xr_software:any:*:*:*:*:*:*:* |