Cisco ios xr Software Static Punt hacker DoS Vulnerability
Release date:
Updated on:
Affected Systems:
Cisco IOS XR
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68351
CVE (CAN) ID: CVE-2014-3308
Cisco IOS is an interconnected network operating system used on most Cisco system routers and network switches.
On the Trident line card of the Cisco ASR 9000 series router, the implementation of punt-police has a security vulnerability, which can cause unauthenticated remote attackers to exhaust the CPU resources on the Trident line card or RP, then cause a denial of service. This vulnerability is caused by the lack of static punt-validator for communications to affected devices.
<* Source: Cisco
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://tools.cisco.com/security/center/publicationListing.x #~ CiscoSecurityResponse
This article permanently updates the link address: