Cisco Patches IOS-XE Vulnerability

Friday, July 31, 2015 @ 02:07 PM gHale

Cisco patched a bad error message vulnerability that could lead IOS-XE versions prior to 3.13S to a remote denial-of-service (DoS) attack.

The company’s threat advisory said the exploit came to Cisco’s attention by an independent researcher.

Cisco Working on Videoscape Issues
Cisco Fixes Flaws in Security Wares
Cisco Fixes DoS Vulnerability
Trojan Focuses on Europe, North America

IOS XE is a Linux daemon version of the Borg’s operating system that abstracts routing functions away from platform-specific interfaces.

Cisco‚Äôs patch focuses on how the daemon triggers error messages for packets it can’t reassemble. “When an affected device fails to successfully perform reassembly, instead of silently dropping the fragments, the ATTN-3-SYNC_TIMEOUT error message may be triggered,” it said in its advisory.

The resulting consumption of CPU resources could cause queued processes to halt, Cisco said. “An attacker could trigger this vulnerability by sending a series of IPv4 or IPv6 fragments, that are designed to trigger the error message, directly to the affected device.”

IOS-XE users need to contact Cisco for an update.