cisco-sa-20161207-asr

Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability

cisco-sa-20161207-asr · Medium · Published 9 years ago · Updated 9 years ago

A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. The vulnerability is due to lack of proper input validation of the IPv6 fragment lengths. An attacker could exploit this vulnerability by sending a crafted IPv6 fragment chain to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition if the NPU process unexpectedly reloads. The DoS condition could temporarily impact user traffic. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs	CVE-2016-6467
Cisco Bug IDs	CSCva84552
CVSS Score	Base 5.0 Base 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C
Product Names From Source	Cisco ASR 5000 Series Software

Related Products

Product	CVE	Evidence
Cisco SR 500 Secure Routers	CVE-2016-6467	Cisco OpenVuln
Cisco RV Series Routers	CVE-2016-6467	Cisco OpenVuln
Cisco Nexus Dashboard	CVE-2016-6467	Cisco OpenVuln
Cisco ASR 5000 Series Software	CVE-2016-6467	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability

Workarounds

Related Products