Cisco IOS XR Concurrent Data Management Replication Process BGP Process Denial of Service Vulnerability

A vulnerability in the Concurrent Data Management Replication process of Cisco IOS XR for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a reload of the Border Gateway Protocol (BGP) process.

The vulnerability is due to improper processing of malformed BGPv4 packets on an affected device. An attacker could exploit this vulnerability by sending malformed BGPv4 packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the BGP process.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, the attacker would need to send malformed BGPv4 packets to the targeted device, making exploitation more difficult in environments that restrict network access from untrusted sources.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.