8.6
CWE
126
Advisory Published

cisco-sa-lsplus-Z6AQEOjk: Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability

First published: Wed Apr 13 2022(Updated: )

A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of malformed packets that are received on the Lightspeed-Plus line cards. An attacker could exploit this vulnerability by sending a crafted IPv4 or IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the Lightspeed-Plus line card to reset, resulting in a denial of service (DoS) condition for any traffic that traverses that line card. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lsplus-Z6AQEOjk This advisory is part of the April 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco IOS XR Software Security Advisory Bundled Publication.

Credit: This vulnerability was found during the resolution a Cisco TAC support case

Affected SoftwareAffected VersionHow to fix
Cisco IOS XR Software
Cisco IOS XR Software=7.1.3<ASR9K-X64=7.1.2<ASR9K-X64
ASR9K-X64
ASR9K-X64
Cisco IOS XR Software=7.1.2<ASR9K-X64
ASR9K-X64

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

  • What is the vulnerability ID of Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability?

    The vulnerability ID is cisco-sa-lsplus-Z6AQEOjk.

  • What is the severity level of cisco-sa-lsplus-Z6AQEOjk vulnerability?

    The severity level of the vulnerability is high with a CVSS score of 8.6.

  • Which line cards are affected by the Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability?

    Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers are affected.

  • How can an attacker exploit this vulnerability?

    An unauthenticated, remote attacker can cause the affected line card to reset using this vulnerability.

  • Is there a remedy available for this vulnerability?

    At the time of this advisory, no remediation is available for the vulnerability.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203