Vulnslist

find the latest Cisco vulnerabilities

Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability

cisco-sa-isis-dos-kDMxpSzK · High · Published · Updated

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process to restart unexpectedly, resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency.   Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK This advisory is part of the March 2026 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2026 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication.

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

As a mitigation, configure IS-IS area authentication. This would require an attacker to authenticate successfully to the IS-IS area before they are able to form an adjacency and exploit this vulnerability. For more information on configuring IS-IS authentication, see the IS-IS Authentication https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/routing/24xx/configuration/guide/b-routing-cg-ncs5500-24xx/implementing-isis.html#con_1276647 section of the Routing Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 24.1.x, 24.2.x, 24.3.x, 24.4.x.

While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVEsCVE-2026-20074
Cisco Bug IDsCSCwq71827
CVSS ScoreBase 7.4
Base 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco IOS XR Software, Cisco IOS

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2026-20074 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2026-20074 Cisco OpenVuln
Cisco Meraki MX security and SD-WAN appliances CVE-2026-20074 Cisco OpenVuln
Cisco IOS Software CVE-2026-20074 Cisco OpenVuln
Cisco Catalyst PON Series Switches CVE-2026-20074 Cisco OpenVuln
Cisco Application Centric Infrastructure Virtual Edge CVE-2026-20074 Cisco OpenVuln
Cisco IOS XR Software CVE-2026-20074 Cisco OpenVuln
Cisco IOS CVE-2026-20074 Cisco OpenVuln