Patches cooked for five versions of Cisco’s IOS

Remote attackers can send some Cisco routers into a continuous denial of service funk by rebooting network processor chips with a crafted attack.

The high-severity hole (CVE-2015-0695) affects the IOS XR software in Cisco ASR 9000 Series Aggregation Services routers running Typhoon-based cards, the second-generation of line cards.

The Borg says exploitation could cause “a lockup and eventual reload of a network processor chip and a line card that is processing traffic, leading to a denial of service condition”.

“The vulnerability is due to improper processing of packets that are routed via the bridge-group virtual interface when any of the following features are configured: Unicast Reverse Path Forwarding, policy-based routing, quality of service, or access control lists,” Cisco says in an advisory.

“An attacker could exploit this vulnerability by sending IPv4 packets through an affected device that is configured to route them via the BVI interface.”

Users should apply the patches for five versions as there are no workarounds for the flaw.

Software newer than version 4.3.0 are unaffected.

The Borg does not know of any in-the-wild attacks using the vulnerabilities and has offered some techniques for admins to identity exposure.

Source: http://www.theregister.co.uk/2015/04/16/borg_routers_open_to_repeat_remote_dos_attack/

http://whitepapers.theregister.co.uk/paper/view/3715/cyber-risk-report-2015.pdf