Cisco Aggregation Services Router 900 Route Switch Processor 3 OSPFv2 Denial of Service Vulnerability
Description
A malformed OSPFv2 message can cause a denial of service on Cisco ASR 900 RSP3 devices by triggering a reload of the iosd process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability lies in how Cisco IOS XE Software running on the Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) validates ingress traffic: the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An unauthenticated, adjacent attacker can trigger a reload of the affected device by sending a malformed OSPF version 2 (OSPFv2) message [1]. Affected devices are those running Cisco IOS XE Software on ASR 900 RSP3.
Exploitation
An attacker must be on the same adjacent network segment as the target device and send a specially crafted OSPFv2 message [1]. No authentication is required, and the attack does not require any user interaction. The malformed message bypasses the ASIC's validation checks and triggers a defect in the processing logic.
Impact
Successful exploitation causes a reload of the iosd process, which in turn triggers a reload of the entire affected device [1]. This results in a denial of service (DoS) condition, causing network traffic interruption until the device completes the reload process.
Mitigation
Cisco has released free software updates to address this vulnerability [1]. Customers should upgrade to a fixed version of Cisco IOS XE Software as indicated in the Cisco Security Advisory. As a workaround, administrators can restrict OSPFv2 adjacency establishment to trusted neighbors using authentication and access control lists. No workaround fully mitigates the vulnerability without upgrading.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 3.13.6aS
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-rsp3-ospf (mitre; vendor-advisory; x_refsource_CISCO)
- www.securityfocus.com/bid/107615 (mitre; vdb-entry; x_refsource_BID)