CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS
Percentile: 62.2%
A vulnerability in the IPv6 to IPv4 subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a Performance Routing Engine (PRE) crash on a targeted system, resulting in a denial of service (DoS) condition.
The vulnerability is due to a race condition that may cause a NULL pointer to be freed. An attacker could exploit this vulnerability by submitting to a targeted device crafted content that is designed to trigger the race condition. A successful exploit could cause a PRE module on the device to crash, resulting in a DoS condition.
Cisco has confirmed the vulnerability and released software updates.
An attacker would need to cause hundreds of IPv6-enabled customer premises equipment (CPE) devices to drop and reestablish connectivity with the affected UBR simultaneously and repeatedly over a period of time. This requirement would make it difficult to achieve a successful exploit.