Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers Slow Path Forwarding Denial of Service Vulnerability [CVE-2020-26070]
CVE number – CVE-2020-26070
A vulnerability in the egress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to improper resource allocation when an affected device processes network traffic in software switching mode. An attacker could exploit this vulnerability by sending specific streams of Layer 2 or Layer 3 protocol data units (PDUs) to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could make the device unable to process or forward traffic, resulting in a DoS condition. The device would need to be restarted to regain functionality.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Affected Products
- Vulnerable ProductsThis vulnerability affects Cisco ASR 9000 Series Aggregation Services Routers if they are running a Cisco IOS XR Software release earlier than releases 6.7.2 or 7.1.2.
Indicators of Compromise
- Exploitation of this vulnerability can result in the exhaustion of buffer resources. When a device is experiencing buffer resources exhaustion, the following message may be seen in the system logs:%PKT_INFRA-spp-4-PKT_ALLOC_FAIL : Failed to allocate n packets for sendingThis error message indicates that the device is not able to allocate buffer resources and forward network traffic in software switching mode. However, buffer resource exhaustion may happen for a reason other than the exploitation of this vulnerability. Customers are advised to contact their support organization to review the error messages and determine whether the device has been compromised by an exploitation of this vulnerability.
Workarounds
- There are no workarounds that address this vulnerability.
Fixed Software
- Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Cisco fixed this vulnerability in Cisco IOS XR Software releases 6.7.2 and later and releases 7.1.2 and later.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cp-dos-ej8VB9QY
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.