Cisco updated its IOS XR network operating system to address a flaw attackers could leverage to cause a denial-of-service (DoS) on CRS-3 Carrier Routing Systems.
A medium severity vulnerability (CVE-2015-0769) exists in the IPv6 processing code of IOS XR Software installed on CRS-3 Carrier Routing Systems, according to an advisory published by Cisco. An attacker can cause the line card to reload by sending specially crafted IPv6 packets.
Exploiting this vulnerability, an attacker could cause an extended DoS condition, Cisco said in its advisory.
The company said the flaw affects Cisco CRS-3 Carrier Routing System devices only if they are running a vulnerable release of IOS XR, if they have CRS-MSC-140G, CRS-FP140 or CRS-LSP line cards installed on the chassis, and if the line card configuration is for IPv6.
The vulnerability affects the following Cisco IOS XR releases: 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, and 4.2.0.
Cisco released software maintenance updates (SMUs) to address the issue in versions 4.1.0, 4.1.1, 4.1.2, and 4.2.0. Customers who use 4.0.x versions should upgrade their installations to a currently supported release.
The company said their own team discovered the vulnerability and there is no evidence it is undergoing exploitation.