Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability

A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for
Cisco CRS-3 Carrier Routing System could allow an unauthenticated,
remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the
line
card processing an IPv6 packet.

The vulnerability is due
to incorrect processing of an IPv6 packet carrying IPv6 extension
headers that are valid but unlikely to be seen during normal operation. An attacker
could exploit
this vulnerability by sending such an IPv6 packet to an
affected device that is configured to process IPv6 traffic. An exploit
could allow the attacker to cause a reload of the line card, resulting
in a DoS condition.

Cisco has confirmed the vulnerability in a security advisory and released software updates.

To exploit this vulnerability, an attacker may need to acquire additional information about the targeted device, such as whether the device has specific line cards installed and configured to process IPv6 traffic in addition to running an affected release of Cisco IOS XR Software. An attacker cannot exploit this vulnerability if these conditions are not met.

A successful exploit of this vulnerability could cause a widespread availability impact to systems that rely on an affected device for traffic forwarding.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.