Cisco IOS XE for Cisco 1000 Series ASR Routers Denial of Service Vulnerability

A vulnerability in PPP over Ethernet (PPPoE) processing on Cisco IOS XE for Cisco 1000 Series ASR routers could allow an unauthenticated, adjacent attacker to cause a reload of the affected device.

The vulnerability is due to improper processing of malformed PPPoE Active Discovery Request (PADR) packets. An attacker could exploit this vulnerability by sending PADR packets as part of PPPoE establishment. An exploit could allow the attacker to cause a reload of the affected device.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, an attacker must be on the same broadcast or collision domain as the targeted system. This access requirement reduces the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.