Cisco IOS Software MLDP Denial of Service Vulnerability

A vulnerability in MLDP processing of Cisco IOS Software on Cisco 7600 Series routers could allow an unauthenticated, remote attacker to cause a reload of the affected device, which could lead to a denial of service (DoS) condition.

The vulnerability is due to chunk corruption when MLDP and a large number of VRFs are configured on a device. An attacker could exploit this vulnerability by sending a large number of multicast flows over a number of configured VRF instances. An exploit could allow the attacker to cause a reload of the affected device and lead to a DoS condition.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker need to have the ability to send a large number of multicast flows over a number of configured VRF instances to the targeted device. To achieve this, it is likely that an attacker would need access to trusted, internal networks in which the targeted device may reside. This access requirement could limit the possibility of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.