Cisco IOS XR Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to improper processing of fragmented packets by the following:
- Cisco CRS 16-Slot Line Card Chassis Route Processor (RP-A)
- Cisco CRS 16-Slot Line Card Chassis Route Processor B (RP-B)
- Carrier Routing System (CRS) Performance Route Processor (PRP)
- Cisco CRS Distributed Route Processor (DRP-B)
An attacker could exploit this vulnerability by sending fragmented packets to a vulnerable system. The vulnerability cannot be triggered by IP traffic traversing a vulnerable device. An exploit could cause packets originating on the Route Processor CPU to stop being transmitted to the fabric, resulting in a DoS condition.
This vulnerability can be triggered by both IPv4 and IPv6 traffic and does not require a TCP three-way handshake.
Cisco has confirmed the vulnerability in a security advisory and released software updates.
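The trigger conditions described above (IPv4 or IPv6 fragments addressed to the device itself, not transit traffic, with no TCP handshake needed) can be turned into a monitoring check. The following is an added example, not part of the Cisco advisory; the device addresses, sample packets and function names are constructed assumptions.

```python
import ipaddress
import struct

# Assumption: addresses owned by the router itself (constructed, documentation ranges).
DEVICE_ADDRS = {ipaddress.ip_address("192.0.2.1"), ipaddress.ip_address("2001:db8::1")}
IPV6_FRAGMENT = 44
IPV6_SKIPPABLE = {0, 43, 60}  # Hop-by-Hop, Routing, Destination Options

def is_fragment_to_device(pkt: bytes, device_addrs=DEVICE_ADDRS) -> bool:
    """True if a raw IP packet (no link-layer header) is a fragment addressed to the device."""
    if not pkt:
        return False
    version = pkt[0] >> 4
    if version == 4 and len(pkt) >= 20:
        flags_off = struct.unpack_from("!H", pkt, 6)[0]
        # Fragment if More Fragments is set or the 13-bit fragment offset is non-zero.
        fragmented = bool(flags_off & 0x2000) or (flags_off & 0x1FFF) != 0
        return fragmented and ipaddress.ip_address(pkt[16:20]) in device_addrs
    if version == 6 and len(pkt) >= 40:
        if ipaddress.ip_address(pkt[24:40]) not in device_addrs:
            return False  # transit traffic, which the advisory says cannot trigger the issue
        nxt, off = pkt[6], 40
        # Walk extension headers that can precede the Fragment header.
        while nxt in IPV6_SKIPPABLE and off + 8 <= len(pkt):
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
        return nxt == IPV6_FRAGMENT
    return False

def ipv4(dst: str, flags_off: int) -> bytes:
    """Constructed 20-byte IPv4/UDP header (checksum left at 0, not validated here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, flags_off, 64, 17, 0,
                       ipaddress.ip_address("198.51.100.7").packed,
                       ipaddress.ip_address(dst).packed)

def ipv6(dst: str, next_header: int, payload: bytes = b"") -> bytes:
    """Constructed 40-byte IPv6 header followed by extension headers in payload."""
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header, 64,
                       ipaddress.ip_address("2001:db8:ffff::7").packed,
                       ipaddress.ip_address(dst).packed) + payload

FRAG_HDR = bytes([17, 0, 0, 1, 0, 0, 0, 1])   # next=UDP, offset 0, M=1, id=1
DEST_OPTS = bytes([44, 0, 1, 4, 0, 0, 0, 0])  # next=Fragment, PadN filler

if __name__ == "__main__":
    print(is_fragment_to_device(ipv4("192.0.2.1", 0x2000)))               # fragment to device
    print(is_fragment_to_device(ipv4("203.0.113.9", 0x2000)))             # transit fragment
    print(is_fragment_to_device(ipv6("2001:db8::1", 60, DEST_OPTS + FRAG_HDR)))
```

Counting matches per source address over time, rather than alerting on a single fragment, keeps legitimately fragmented control-plane traffic from generating noise.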