• Diniz Martins

IOS-XR | CVE-2020-26070

A high-severity flaw in Cisco’s IOS XR software could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers (ASR).

The flaw stems from Cisco IOS XR, a train of Cisco Systems’ widely deployed Internetworking Operating System (IOS). The OS powers the Cisco ASR 9000 series, which are fully distributed routers engineered to address massive surges in video traffic.

The flaw (CVE-2020-26070), which ranks 8.6 out of 10 on the CVSS scale, stems from an issue with the ingress packet processing function of Cisco IOS XR software. Ingress packet processing is a technique used to sort through incoming packets from different networks.

The vulnerability is due to improper resource allocation when an affected device processes network traffic. An attacker could exploit the flaw by sending specific streams of Layer 2 or Layer 3 protocol data units (PDUs) to an affected device, ultimately exhausting its buffer resources and crashing the device.

When a device is experiencing buffer resources exhaustion, the following message may be seen in the system logs: “%PKT_INFRA-spp-4-PKT_ALLOC_FAIL : Failed to allocate n packets for sending”.

The device would need to be restarted to regain functionality, said Cisco. This vulnerability affects Cisco ASR 9000 series routers if they are running a Cisco IOS XR Software release earlier than releases 6.7.2 or 7.1.2. Cisco fixed this vulnerability in Cisco IOS XR Software releases 6.7.2 and later and releases 7.1.2 and later.


SMU Download (version 6.4.2)= https://mega.nz/file/qV0RDIxS#Lt9OWFC1m8Y4b5fSlKsmpEKtjo8YRgk_oVZnnmv81Gw

Checksum value = fc8d55c5a4225e47a8f5cae833257a69

Recent Posts

See All

Cisco Nexus9000 | TACACS

This post describes how to configure the Terminal Access Controller Access Control System Plus (TACACS+) protocol on Cisco NX-OS devices. About TACACS+: The TACACS+ security protocol provides centrali

Backup Cisco ISE

Taking the backup is one of the basic but important task for any system including Cisco ISE. Performing Cisco ISE backup, will be done in four steps. These are: ▸ Creating a Repository; ▸ Adding crypt

Linux scripts on Cisco IOS

The Cisco IOS Shell (IOS.sh) feature provides shell scripting capability to the Cisco IOS command-line-interface (CLI) environment. Cisco IOS.sh enhances the process of controlling and configuring an