Cisco said on Thursday it has patched a denial of service vulnerability in its IOS XR software used in carrier-grade routers.
The vulnerability, Cisco said, rests in the ipv6 processing code used by IOS XR in the Cisco CRS-3 Carrier Routing System. The bug is remotely exploitable and is due to incorrect processing of legitimate IPv6 packets carrying valid IPv6 extension headers. Cisco said while the headers are valid, they’re unlikely to be seen in “normal operation.”
Leave a reply