Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability

A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a crash of the Embedded Services Processor (ESP) processing the packet.

The vulnerability is due to improper processing of crafted, fragmented packets. An attacker could exploit this vulnerability by sending a crafted sequence of fragmented packets. An exploit could allow the attacker to cause a reload of the affected platform.

Cisco has released software updates that address this vulnerability.

There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k”]