
Cisco patches vulnerability in its IOS XR Software

Cisco has released an update to patch a vulnerability in its IOS XR Software for Cisco ASR 9001 Aggregation Services Routers that could lead to a denial of service condition.

The vulnerability (CVE-2016-6355) is due to the software's incorrect handling of crafted, fragmented packets sent to the router. A successful attack could allow someone to cause a memory leak on the router's rendezvous point “which could cause the device to drop all control-plane protocols and eventually lead to a DoS condition on the targeted system,” Cisco wrote in a release.

The affected software is Cisco IOS XR Software Releases 5.1.x, 5.2.x, and 5.3.x running on Cisco ASR 9001 Aggregation Services Routers.
