Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability

A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process.

The vulnerability is due to lack of proper input validation of the IPv6 fragment lengths. An attacker could exploit this vulnerability by sending a crafted IPv6 fragment chain to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition if the NPU process unexpectedly reloads. The DoS condition could temporarily impact user traffic.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2hh33EY A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process.

The vulnerability is due to lack of proper input validation of the IPv6 fragment lengths. An attacker could exploit this vulnerability by sending a crafted IPv6 fragment chain to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition if the NPU process unexpectedly reloads. The DoS condition could temporarily impact user traffic.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2hh33EY
Security Impact Rating: Medium
CVE: CVE-2016-6467

from Cisco Security Advisory http://ift.tt/2hh33EY