Vulnerabilities > CVE-2015-0695 - Resource Management Errors vulnerability in Cisco IOS XR
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 9 | |
Hardware | 6 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | CISCO |
NASL id | CISCO-SA-20150415-IOSXR.NASL |
description | The remote Cisco device is running a version of Cisco IOS XR software that is affected by an error due to the improper processing of IPv4 packets routed through the bridge-group virtual interface (BVI) whenever Unicast Reverse Path Forwarding (uRPF), policy-based routing (PBR), quality of service (QoS), or access control lists (ACLs) are enabled. A remote, unauthenticated attacker can exploit this error to cause the device to lock up, forcing it to eventually reload the network processor chip and line card that are processing traffic. Note that this issue only affects Cisco ASR 9000 series devices using Typhoon-based line cards. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 83054 |
published | 2015-04-24 |
reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/83054 |
title | Cisco IOS XR Typhoon-based Line Cards and Network Processor (NP) Chip DoS |