CVE-2013-5565

Name of the Vulnerable Software and Affected Versions Cisco IOS XR version 5.1

Description The issue is related to the OSPFv3 functionality, which allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet. This is due to improper parsing of malformed type 1 link-state advertisement (LSA) packets. An attacker could exploit this by sending a malformed type 1 LSA packet to a vulnerable device, potentially leading to a crash of the OSPFv3 process and a denial of service (DoS) condition. The vulnerability can be exploited by an unauthenticated, remote attacker, but it may require access to trusted, internal networks.

Recommendations For Cisco IOS XR version 5.1, update to a newer version that includes the fix for this issue, as confirmed by Cisco in their security notice. As a temporary workaround, consider restricting access to the OSPFv3 process to minimize the risk of exploitation. Avoid using the LSA Type-1 packet in the affected API endpoint until the issue is resolved.