Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability

Summary: A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a crash of the Embedded Services Processor (ESP) processing the packet. The vulnerability is due to improper processing of crafted, fragmented packets. An attacker could exploit this vulnerability by sending a crafted sequence of fragmented packets. An exploit could allow the attacker to cause a reload of the affected platform. Cisco has released software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k

Vulnerable Products: All Cisco ASR 1000 Series Aggregation Services Routers models are affected by this vulnerability when running an affected version of Cisco IOS XE Software. This vulnerability does not depend on any specific combination of ESP and Route Processor (RP) installed on the chassis. Any combination of ESP and RP is affected.

Products Confirmed Not Vulnerable

Details: A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a crash of the Embedded Services Processor (ESP) processing the packet. The vulnerability is due to improper processing of crafted, fragmented packets. An attacker could exploit this vulnerability by sending a crafted sequence of fragmented packets. An exploit could allow the attacker to cause a reload of the affected platform. This vulnerability can be triggered by IPv4 or IPv6 crafted, fragmented packets destined to the device itself. It cannot be triggered by transit traffic. This vulnerability could be repeatedly exploited to cause an extended DoS condition. This vulnerability is documented in Cisco bug ID CSCtd72617 (registered customers only), and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2015-4291.

Vulnerability Scoring Details: Cisco has scored the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this security advisory is in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps organizations determine the urgency and priority of a response. Cisco has provided a base and temporal score. Customers can also compute environmental scores that help determine the impact of the vulnerability in their own networks. Cisco has provided additional information regarding CVSS at the following link: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to compute the environmental impact for individual networks at the following link: http://intellishield.cisco.com/security/alertmanager/cvss

CSCtd72617 – Cisco IOS XE Software Fragmented Packet Denial of Service Vulnerability

CVSS Base Score – 7.8
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete

CVSS Temporal Score – 6.4
Exploitability: Functional
Remediation Level: Official-Fix
Report Confidence: Confirmed

Impact

Successful exploitation of this vulnerability may cause a crash of the ESP processing the packet, resulting in a DoS condition. Repeated exploitation could result in an extended DoS condition.

Software Versions and Fixes: When considering software upgrades, customers are advised to consult the Cisco Security Advisories, Responses, and Alerts archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. This vulnerability has been fixed in the following Cisco IOS XE Software versions:

Cisco IOS XE Software Train    First Fixed Release
2.1                            Vulnerable; migrate to 2.5.1 or later. (1)
2.2                            Vulnerable; migrate to 2.5.1 or later. (1)
2.3                            Vulnerable; migrate to 2.5.1 or later. (1)
2.4                            2.4.3 (1)
2.5                            2.5.1 (1)
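One way to check an ASR 1000 inventory against the fixed-release table above. This is an added example, not part of the Cisco advisory; it assumes releases are recorded as three-part strings such as "2.4.2", and the hostnames, inventory and function names are constructed for illustration.

```python
import re

# First fixed release per train, transcribed from the table above.
# None = no fixed release in that train; the table says to migrate.
FIRST_FIXED = {"2.1": None, "2.2": None, "2.3": None,
               "2.4": (2, 4, 3), "2.5": (2, 5, 1)}
MIGRATE_TARGET = "2.5.1"  # "migrate to 2.5.1 or later"

def parse_release(text):
    """Parse 'X.Y.Z' into a tuple of ints; raise ValueError otherwise."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if match is None:
        raise ValueError(f"unrecognised release string: {text!r}")
    return tuple(int(part) for part in match.groups())

def assess(release):
    """Classify one IOS XE release string against the table."""
    try:
        version = parse_release(release)
    except ValueError:
        return "unparsed: check manually"
    train = f"{version[0]}.{version[1]}"
    if train not in FIRST_FIXED:
        # The table does not cover this train, so make no claim either way.
        return "train not listed: consult the advisory"
    fixed = FIRST_FIXED[train]
    if fixed is None:
        return f"vulnerable: migrate to {MIGRATE_TARGET} or later"
    if version < fixed:  # tuple comparison, so 2.5.10 sorts after 2.5.1
        return "vulnerable: upgrade to " + ".".join(map(str, fixed)) + " or later"
    return "fixed"

def audit(inventory):
    """Map each hostname to its assessment."""
    return {host: assess(release) for host, release in inventory.items()}

# Constructed inventory: hostnames and releases are made up for illustration.
SAMPLE_INVENTORY = {
    "edge-1": "2.2.3", "edge-2": "2.4.2", "edge-3": "2.4.3",
    "core-1": "2.5.0", "core-2": "2.6.1", "lab-1": "unknown",
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_INVENTORY).items():
        print(f"{host:8} {verdict}")
```

Trains that the table does not list are reported as such rather than assumed safe, since the table only covers 2.1 through 2.5.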

Source: Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability

