High-Severity Cisco DoS Flaw Can Immobilize ASR Routers
Arthur T Knackerbracket has found the following story:
A high-severity flaw in Cisco's IOS XR software could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers (ASR).
The flaw stems from Cisco IOS XR, a train of Cisco Systems' widely deployed Internetworking Operating System (IOS). The OS powers the Cisco ASR 9000 series, which are fully distributed routers engineered to address massive surges in video traffic.
A successful exploit could cause the affected device to run out of buffer resources, which could make the device unable to process or forward traffic, resulting in a DoS [denial-of-service] condition," according to a Tuesday security advisory by Cisco.
The flaw (CVE-2020-26070), which ranks 8.6 out of 10 on the CVSS scale, stems from an issue with the ingress packet processing function of Cisco IOS XR software. Ingress packet processing is a technique used to sort through incoming packets from different networks.
The vulnerability is due to improper resource allocation when an affected device processes network traffic. An attacker could exploit the flaw by sending specific streams of Layer 2 or Layer 3 protocol data units (PDUs) to an affected device, ultimately exhausting its buffer resources and crashing the device.
Read more of this story at SoylentNews.