Cisco ASR 1000 Series Aggregation Services Routers Data-Plane Processing Denial of Service Vulnerability

ID CISCO-SA-20150831-CVE-2015-6274
Type cisco
Reporter Cisco
Modified 2015-08-31T23:18:57


A vulnerability in the Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to the processing of an excessive number of IPv4 packets that require fragmentation and reassembly. An attacker could exploit this vulnerability by sending an excessive number of fragmented packets, causing high Cisco QuantumFlow Processor (QFP) CPU utilization in the Embedded Services Processor (ESP).

Cisco has confirmed the vulnerability; however, software updates are not available.

To exploit this vulnerability, the attacker must send an excessive number of fragmented packets to the targeted system, making exploitation more difficult in environments that restrict access from untrusted sources.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
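Because the trigger is a high rate of fragmented IPv4 packets, a monitoring point in front of the router can count fragments per source and flag bursts. The following is an added example, not part of Cisco's advisory: the window length, the threshold, the function names and the sample packets are all assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

# Assumed values (not from the advisory); tune to the baseline of the monitored link.
WINDOW_SECONDS = 1
MAX_FRAGMENTS_PER_WINDOW = 3

def is_fragment(header: bytes) -> bool:
    """True if the IPv4 header is a fragment: MF flag set or fragment offset non-zero."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    flags_offset = struct.unpack("!H", header[6:8])[0]
    return bool(flags_offset & 0x2000) or (flags_offset & 0x1FFF) != 0

def fragment_bursts(packets):
    """packets: iterable of (timestamp_seconds, ipv4_header_bytes).
    Returns sorted (window_start, source_ip, fragment_count) entries over the threshold."""
    counts = defaultdict(int)
    for ts, header in packets:
        try:
            fragmented = is_fragment(header)
        except ValueError:
            continue  # skip truncated or non-IPv4 records
        if fragmented:
            window = int(ts // WINDOW_SECONDS) * WINDOW_SECONDS
            counts[(window, str(ipaddress.ip_address(header[12:16])))] += 1
    return sorted((w, src, n) for (w, src), n in counts.items()
                  if n > MAX_FRAGMENTS_PER_WINDOW)

def build_header(src, more_fragments, offset_units, dst="203.0.113.1"):
    """Constructed 20-byte IPv4 header for the sample data (checksum left at zero)."""
    flags_offset = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, flags_offset, 64, 17, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)

# Constructed sample: one source sends five fragments within the first second.
SAMPLE = (
    [(0.1 * i, build_header("192.0.2.10", i < 4, i * 185)) for i in range(5)]
    + [(0.5, build_header("198.51.100.7", False, 0)),   # unfragmented packet
       (0.6, build_header("198.51.100.7", True, 0)),    # single first fragment
       (1.2, build_header("192.0.2.10", True, 0)),
       (1.3, build_header("192.0.2.10", False, 185))]
)

if __name__ == "__main__":
    for window, src, count in fragment_bursts(SAMPLE):
        print(f"window {window}s: {src} sent {count} fragments")
```

Sources flagged this way are candidates for the access restrictions described above.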