Cisco IOS Software UBR Devices IPv6 VPN Multiprotocol Label Switching Denial of Service Vulnerability

A vulnerability in Cisco Universal Broadband Routers performing IPv6 VPN over Multiprotocol Label Switching (MPLS; 6VPE) and configured for NetFlow could allow an unauthenticated, remote attacker to cause a crash of the Parallel Express Forwarding (PXF) process on the Performance Routing Engine (PRE) module.

The vulnerability is due to a race condition that may cause an incorrect pointer to be used during IPv6 deaggregation. An attacker would need to control a trusted MPLS neighbor that can forward a malformed 6VPE packet at a high rate to an affected device. Successful exploitation could cause the PXF process on the PXE module of a targeted device to crash, resulting in a denial of service (DoS) condition

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, the attacker must take control of a trusted MPLS neighbor that can forward a malformed 6VPE packet at a high rate to the targeted device, making exploitation more difficult in environments that restrict network access from untrusted sources.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.