Number: IRCNE2015082590
Date: 2015/08/05
According to Tripwire, Cisco has patched a vulnerability in the code that handles the reassembly of fragmented IPv4 and IPv6 packets in its IOS XE Software for ASR 1000 Series Aggregation Services Routers.
According to an advisory released by Cisco, an unauthenticated, remote attacker could exploit this vulnerability to cause a crash of the Embedded Services Processor (ESP) that processes the packet.
Successful exploitation of this vulnerability could cause a denial of service (DoS) condition. If repeatedly exploited, an extended DoS condition could ensue.
At this time, Cisco is not aware of any public exploits for the bug.
There are no workarounds for the vulnerability, which received a 7.8 severity rating due to the ease with which attackers can exploit it. As a result, sysadmins have no choice but to patch their systems.
Those who have IOS XE software versions 2.3 and earlier should update their software to 2.5.1 or higher, whereas those who are running 2.4 and 2.5 should also update for undisclosed reasons.