Cisco update eliminates DoS vulnerability in Aggregation Services Router OS
Cisco update eliminates DoS vulnerability in Aggregation Services Router OS

Cisco Systems on Wednesday issued a security update that fixes a high-severity denial of service vulnerability in release version 5.3.4 of its IOS XR Software for the Aggregation Services Router (ASR) 9000 Series.

The bug, designated CVE-2018-0136, specifically resides in the operating system's IPv6 subsystem, which was mishandling packets with a fragment header. Routers are affected if they are running version 5.3.4 of the software and have IPv6-configured Trident-based (Ethernet) line cards installed.

"An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card," Cisco explained in a security advisory. "A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart."

Cisco made its fix available via a software maintenance upgrade, and also incorporated the patch into service pack 7 for Cisco IOS XR Software Release 5.3.4.