Release date:
Updated on:
Affected Systems:
Cisco IOS xr4.2
Cisco ios xr 4.1.2
Cisco ios xr 4.1.1
Cisco ios xr 4.1.0
Cisco ios xr 4.0.4
Cisco ios xr 4.0.3
Unaffected system:
Cisco ios xr 4.2.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53728
Cve id: CVE-2012-2488
Cisco ios xr is a next-generation network and Cisco carrier routing system.
Implementation Vulnerabilities in earlier versions of Cisco Ios Xr 4.2.1 originated from Cisco 9000 Series Aggregation Service Router (ASR) and route exchange processor (RSP440) or the routing system performance routing processor (CRS) improperly processes specially crafted packets. Remote unauthenticated attackers can send specially crafted packets to the affected system to exploit this vulnerability to cause DOS.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20120530-iosxr) and patches for this:
Cisco-sa-20120530-iosxr: Cisco ios xr Software Route Processor Denial of Service Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr