Security Experts:

Cisco Routing Systems Vulnerable to Malformed IPv6 Packet Attacks

Cisco Fixes DoS Vulnerability in IOS XR Software

Cisco has released software updates to address a denial-of-service (DoS) vulnerability in IOS XR Software, a self-healing and fully distributed network operating system designed for service providers.

The security hole patched by Cisco is caused by the improper handling of malformed IPv6 packets carrying extension headers. An unauthenticated, remote attacker can leverage this vulnerability to get the line card on affected devices to reload by sending a specially crafted IPv6 packet. By exploiting the bug repeatedly, the attacker can cause an extended DoS condition.

The flaw impacts the Cisco Network Convergence System 6000 (NCS 6000) and all Cisco Carrier Routing System X (CRS-X) line cards running a vulnerable version of the operating system.

The vulnerability does not affect Cisco 12000 Series Routers, Cisco ASR 9000 Series Aggregation Services Routers, Cisco Carrier Routing System 1 (CRS-1), or Cisco Carrier Routing System 3 (CRS-3).

Cisco noted in an advisory that devices are only vulnerable if they are configured to process IPv6 traffic because the flaw can only be exploited using IPv6 packets. Customers can check if IPv6 is enabled by using the show ipv6 interface brief command.

“While certain intermediate devices may block malformed IPv6 packets, the possibility still exists for a malformed packet to originate from a remote network and exploit this vulnerability on an affected device,” Cisco said.

The security hole was identified by Cisco during internal testing and the company says there is no evidence that the vulnerability has been exploited in the wild.

The CVE-2015-0618 identifier and a CVSS base score of 7.1 have been assigned to the flaw.

This isn’t the only vulnerability patched by Cisco this month. The company also released software updates to address a command injection flaw affecting the WebEx Meetings Server (CVE-2015-0589) and a SQL injection vulnerability in Secure Access Control System (CVE-2015-0580).

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.