SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco IOS Vendors:   Cisco
Cisco IOS XR UDP Broadcast Processing Flaw Lets Remote Adjacent Network Users Deny Service
SecurityTracker Alert ID:  1040710
SecurityTracker URL:  http://securitytracker.com/id/1040710
CVE Reference:   CVE-2018-0241   (Links to External Site)
Date:  Apr 18 2018
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco IOS XR. A remote user on the local network can cause denial of service conditions on the target system.

A remote user on the local network can send specially crafted UDP broadcast packets to a target interface that is configured with an IPv4 helper address to trigger a buffer leak in the UDP broadcast forwarding function's Software Packet Path (SPP) on the active Route Processor (RP). As a result, the system may drop some control plane traffic, including routing protocol packets, and may also drop pass-through traffic.

A manual reload is required to return the system to normal operations.

Systems with at least one IPv4 helper address configured on an interface are affected.

DHCP Relay Profile helper addresses and DHCPv6 Relay Service configurations are not affected.

The vendor has assigned bug ID CSCvi35625 to this vulnerability.

Impact:   A remote user on the local network can cause the target system to drop control plane traffic and pass-through traffic.

A manual reload is required to return the system to normal operations.

Solution:   The vendor has issued a fix (6.3.2).

Software maintenance upgrades (SMUs) for Cisco ASR 9000 Series routers are also available:

For 5.3.4: AA14136
For 6.1.4: AA14137
For 6.2.3: AA14138

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iosxr

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iosxr (Links to External Site)
Cause:   Resource error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC