CVE-2014-3321

Name of the Vulnerable Software and Affected Versions Cisco IOS XR versions 4.3.4 and earlier

Description The issue allows remote attackers to cause a denial of service via a series of crafted Multiprotocol Label Switching (MPLS) packets when bridge-group virtual interface (BVI) routing is enabled. This is due to insufficient logic in parsing MPLS packets. An attacker could exploit this by sending a stream of crafted MPLS packets to be routed by a BVI on the affected device, causing a lockup and eventual reload of a network processor chip and a line card, leading to a denial of service condition. To exploit this, an attacker must be on the same collision or broadcast domain of the targeted device.

Recommendations For Cisco IOS XR versions 4.3.4 and earlier, update to a newer version that includes the fix for this issue, as confirmed by Cisco in their security notice. As a temporary workaround, consider restricting access to the bridge-group virtual interface (BVI) to minimize the risk of exploitation.