Cisco has patched a vulnerability in the IOS XE Software code that handles the reassembly of fragmented IPv4 and IPv6 packets on its ASR 1000 Series Aggregation Services Routers.
According to an advisory released by Cisco, an unauthenticated, remote attacker could exploit this vulnerability to cause a crash of the Embedded Services Processor (ESP) that processes the packet.
“The vulnerability is due to improper processing of crafted, fragmented packets,” the advisory reads. “An attacker could exploit this vulnerability by sending a crafted sequence of fragmented packets. An exploit could allow the attacker to cause a reload of the affected platform. This vulnerability can be triggered by IPv4 or IPv6 crafted, fragmented packets destined to the device itself. It cannot be triggered by transit traffic.”
Successful exploitation of this vulnerability could cause a denial of service (DoS) condition. If repeatedly exploited, an extended DoS condition could ensue.
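The advisory's trigger condition (fragmented IPv4 or IPv6 packets addressed to the router itself, as opposed to transit traffic) can be checked for in captured traffic. The Python below is an added example, not code from Cisco or the advisory; the device addresses and sample packets are constructed assumptions, and a match only means a fragment was addressed to the device, which legitimate traffic can also produce.

```python
import ipaddress
import struct

# Assumption: addresses configured on the router itself (documentation ranges).
DEVICE_ADDRS = {ipaddress.ip_address(a) for a in ("192.0.2.1", "2001:db8::1")}
V6_EXT = {0, 43, 60}   # hop-by-hop, routing, destination options: skipped over
V6_FRAGMENT = 44       # IPv6 Fragment extension header

def classify(pkt: bytes):
    """Return (is_fragment, dst) for a raw IPv4/IPv6 packet, else None."""
    version = pkt[0] >> 4 if pkt else 0
    if version == 4 and len(pkt) >= 20:
        flags_off = struct.unpack("!H", pkt[6:8])[0]
        # Fragment: More Fragments bit set or non-zero fragment offset.
        return bool(flags_off & 0x3FFF), ipaddress.ip_address(pkt[16:20])
    if version == 6 and len(pkt) >= 40:
        nxt, off = pkt[6], 40
        while nxt in V6_EXT and off + 8 <= len(pkt):
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
        return nxt == V6_FRAGMENT, ipaddress.ip_address(pkt[24:40])
    return None

def to_device_fragment(pkt: bytes) -> bool:
    """True for a fragment addressed to the device itself (not transit)."""
    result = classify(pkt)
    return result is not None and result[0] and result[1] in DEVICE_ADDRS

# Constructed sample packets (headers only), not captured traffic.
def v4(dst: str, flags_off: int) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, flags_off, 64, 17, 0,
                       ipaddress.ip_address("198.51.100.7").packed,
                       ipaddress.ip_address(dst).packed)

def v6(dst: str, nxt: int, ext: bytes = b"") -> bytes:
    return struct.pack("!IHBB16s16s", 0x60000000, len(ext), nxt, 64,
                       ipaddress.ip_address("2001:db8:ffff::7").packed,
                       ipaddress.ip_address(dst).packed) + ext

HBH = bytes([44, 0, 1, 4, 0, 0, 0, 0])    # hop-by-hop, next header = Fragment
FRAG = bytes([17, 0, 0, 1, 0, 0, 0, 1])   # Fragment header, M flag set
SAMPLES = {
    "v4 fragment to device": v4("192.0.2.1", 0x2000),
    "v4 fragment in transit": v4("203.0.113.9", 0x2000),
    "v4 whole packet to device": v4("192.0.2.1", 0x4000),
    "v6 fragment to device": v6("2001:db8::1", 0, HBH + FRAG),
    "v6 whole packet to device": v6("2001:db8::1", 17),
}
if __name__ == "__main__":
    print({name: to_device_fragment(p) for name, p in SAMPLES.items()})
```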
At this time, Cisco is not aware of any public exploits for the bug.
There are no workarounds for the vulnerability, which received a 7.8 severity rating due to the ease with which attackers can exploit it. As a result, sysadmins have no choice but to patch their systems.
Those running IOS XE Software versions 2.3 and earlier should update to 2.5.1 or higher; those running 2.4 and 2.5 should also update, for undisclosed reasons.
Versions 2.6 and the 3.x train are not affected by this vulnerability.
Cisco has specific instructions for those looking to upgrade:
“Cisco encourages customers migrating to a Cisco IOS XE Software train different from the one currently running on the device to select one of the Cisco IOS XE Software extended support trains including, but not limited to, Cisco IOS XE Software trains 3.4S, 3.7S, and 3.10S. Consult your support provider for the most appropriate software train to migrate to, based on the specific device hardware configuration and feature requirements.”
News of this fix follows a patch released by Cisco in June of this year for SSH key vulnerabilities that affected several of its virtual appliances.