Cisco patches vulnerability in its IOS XR Software

Cisco has released an update to patch a vulnerability in its IOS XR Software for Cisco ASR 9001 Aggregation Services Routers that could lead to a denial-of-service (DoS) condition.

The vulnerability (CVE-2016-6355) is due to the software's incorrect handling of crafted, fragmented packets sent to the router. A successful attack could allow someone to cause a memory leak on the router's rendezvous point “which could cause the device to drop all control-plane protocols and eventually lead to a DoS condition on the targeted system,” Cisco wrote in a release.

The affected software is Cisco IOS XR Software Releases 5.1.x, 5.2.x, and 5.3.x running on Cisco ASR 9001 Aggregation Services Routers.
