Network Security, Patch/Configuration Management, Vulnerability Management

Cisco update eliminates DoS vulnerability in Aggregation Services Router operating system

Cisco Systems on Wednesday issued a security update that fixes a high-severity denial of service vulnerability in release version 5.3.4 of its IOS XR Software for the Aggregation Services Router (ASR) 9000 Series.

The bug, designated CVE-2018-0136, specifically resides in the operating system's IPv6 subsystem, which was mishandling packets with a fragment header. Routers are affected if they are running version 5.3.4 of the software and have IPv6-configured Trident-based (Ethernet) line cards installed.

"An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card," Cisco explained in a security advisory. "A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart."

Cisco made its fix available via a software maintenance upgrade, and also incorporated the patch into service pack 7 for Cisco IOS XR Software Release 5.3.4.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.