First published: Sat Aug 29 2015(Updated: )
Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XE | =2.2.1 | |
Cisco IOS XE | =2.2.2 | |
Cisco IOS XE | =2.2.3 | |
Cisco IOS XE | =3.1.0s | |
Cisco IOS XE | =3.1.1s | |
Cisco Asr 1001 | ||
Cisco Asr 1001-x | ||
Cisco Asr 1002 | ||
Cisco Asr 1002-x | ||
Cisco Asr 1004 | ||
Cisco Asr 1006 | ||
Cisco Asr 1013 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.