Network Security, Patch/Configuration Management, Vulnerability Management

Cisco update eliminates DoS vulnerability in Aggregation Services Router operating system

Cisco Systems on Wednesday issued a security update that fixes a high-severity denial of service vulnerability in release version 5.3.4 of its IOS XR Software for the Aggregation Services Router (ASR) 9000 Series.

The bug, designated CVE-2018-0136, specifically resides in the operating system's IPv6 subsystem, which was mishandling packets with a fragment header. Routers are affected if they are running version 5.3.4 of the software and have IPv6-configured Trident-based (Ethernet) line cards installed.

"An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card," Cisco explained in a security advisory. "A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart."

Cisco made its fix available via a software maintenance upgrade, and also incorporated the patch into service pack 7 for Cisco IOS XR Software Release 5.3.4.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.
Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

You can skip this ad in 5 seconds