Cisco | CISCO-SA-20131202-CVE-2013-6706
Dec 02, 2013 - 9:04 p.m.

Cisco IOS XE Software IP Header Sanity Check Denial of Service Vulnerability

2013-12-02 21:04:44
tools.cisco.com

CVSS2: 5.4 (AV:N/AC:H/Au:N/C:N/I:N/A:C)

Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

EPSS: 0.01
Percentile: 84.0%

A vulnerability in the Cisco Express Forwarding processing module that checks the sanity of IP headers on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, leading to a denial of service (DoS) condition.

The vulnerability is due to improper processing of Multiprotocol Label Switching (MPLS) packets. When certain additional features are configured, an attacker could exploit this vulnerability by sending MPLS packets to traverse and exit an affected device as IP packets. An exploit could allow the attacker to cause the device to reload, leading to a DoS condition.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker may need access to the trusted, internal networks in which the targeted device may reside in order to send MPLS packets. This access requirement may reduce the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

cisco | cisco_ios | Match | 3.9s | xe
OR
cisco | cisco_ios | Match | 3.9.1s | xe
OR
cisco | cisco_ios | Match | 3.9.0s | xe
