Cisco patches vulnerability in its IOS XR Software
If left unpatched the issue can allow for a denial of service condition to be created.
Cisco has released an update to patch a vulnerability in its IOS XR Software for Cisco ASR 9001 Aggregation Services Routers that could lead to a denial of service condition.
The vulnerability (CVE-2016-6355) is due to the software's incorrect handling of crafted, fragmented packets sent to the router. A successful attack could allow someone to cause a memory leak on the router's rendezvous point “which could cause the device to drop all control-plane protocols and eventually lead to a DoS condition on the targeted system,” Cisco wrote in a release.
The affected software is Cisco IOS XR Software Releases 5.1.x, 5.2.x, and 5.3.x running on Cisco ASR 9001 Aggregation Services Router.