A vulnerability in the DHCP version 6 (DHCPv6) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the DHCPv6 server process on an affected device to crash.
The vulnerability is due to incorrect handling of malformed DHCPv6 packets. An attacker could exploit this vulnerability by sending a malformed DHCPv6 packet to an affected device configured with DHCPv6 server functionality. An exploit could allow the attacker to cause the DHCPv6 process on the device to crash.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send malformed DHCPv6 packets to the targeted device. This access requirement may reduce the likelihood of a successful exploit. In addition, the attacker may need to obtain additional information, such as whether a DHCPv6 server is configured on the device.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.