A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition.
This vulnerability is due to a deadlock condition in the code when processing COPS packets under certain conditions. An attacker could exploit this vulnerability by sending COPS packets with high burst rates to an affected device. A successful exploit could allow the attacker to cause the CPU to consume excessive resources, which prevents other control plane processes from obtaining resources and results in a DoS.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbr8-cops-Vc2ZsJSx [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbr8-cops-Vc2ZsJSx”]
This advisory is part of the September 2021 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2021 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74581”]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | cisco_ios_xe_software | 3.15s | cpe:2.3:a:cisco:cisco_ios_xe_software:3.15s:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 3.16s | cpe:2.3:a:cisco:cisco_ios_xe_software:3.16s:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 3.17s | cpe:2.3:a:cisco:cisco_ios_xe_software:3.17s:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 16.4 | cpe:2.3:a:cisco:cisco_ios_xe_software:16.4:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 16.5 | cpe:2.3:a:cisco:cisco_ios_xe_software:16.5:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 3.18s | cpe:2.3:a:cisco:cisco_ios_xe_software:3.18s:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 3.18sp | cpe:2.3:a:cisco:cisco_ios_xe_software:3.18sp:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 16.6 | cpe:2.3:a:cisco:cisco_ios_xe_software:16.6:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 16.7 | cpe:2.3:a:cisco:cisco_ios_xe_software:16.7:*:*:*:*:*:*:* |
cisco | cisco_ios_xe_software | 16.8 | cpe:2.3:a:cisco:cisco_ios_xe_software:16.8:*:*:*:*:*:*:* |