Multivendor Vulnerability Alert
Cisco IOS XR Software Malformed MPLS Packet Denial of Service Vulnerability
Severity
Alert ID:
35776
First Published:
2014 September 19 17:51 GMT
Version:
1
CVSS Score:
Base 6.1,
Temporal 5.3
Click Icon to Copy Verbose Score
AV:A/AC:L/Au:N/C:N/I:N/A:C/E:ND/RL:OF/RC:C
Click Icon to Copy Verbose Score
AV:A/AC:L/Au:N/C:N/I:N/A:C/E:ND/RL:OF/RC:C
-
Cisco IOS XR Software contains a vulnerability that could allow an unauthenticated, adjacent attacker to cause a denial of service condition. Updates are available.
-
To exploit this vulnerability, an attacker must have access to the same broadcast or collision domain as the targeted device. This access requirement decreases the likelihood of a successful exploit. In addition, the targeted device must be configured to process MPLS packets, which may require the attacker to obtain additional knowledge about the device prior to an exploit attempt.
-
Cisco has released a security notice at the following link: CVE-2014-3379
Customers are advised to consult Cisco bug ID CSCuq10466 for a complete list of affected product versions.
-
Initial ReleaseShow Less
-
The security vulnerability applies to the following combinations of products.
Primary Products Cisco Cisco IOS XR Software 5.1 (Base) | for Cisco Network Convergence System 6000 Series Routers (5.0.0, 5.0.1) Associated Products
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products