CVE-2014-3335

Name of the Vulnerable Software and Affected Versions Cisco IOS XR versions 4.3.2 and earlier

Description The issue is related to improper NetFlow sampling of packets with multicast destination MAC addresses, which can cause a denial of service. This can be exploited by an unauthenticated, adjacent attacker who sends a crafted packet to an affected device with NetFlow sampling configured, leading to a lockup and eventual reload of a Network Processor chip and a line card processing traffic. The attacker must have access to the same broadcast or collision domain of the targeted device and may need additional knowledge about the device, such as whether NetFlow sampling is configured.

Recommendations For Cisco IOS XR versions 4.3.2 and earlier, update to a newer version that includes the fix for this issue, as confirmed by Cisco in their security notice. As a temporary workaround, consider disabling NetFlow sampling until a patch is available. Restrict access to the device to minimize the risk of exploitation, especially from adjacent attackers.