PT-2014-5266 · Cisco · Cisco IOS XR
Published: 2014-09-19 · Updated: 2017-08-29 · CVE-2014-3376
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Cisco IOS XR versions 5.1 and earlier
Description
A vulnerability in RSVP processing could allow an unauthenticated, remote attacker to cause a reload of the RSVP process on the affected device. The issue is due to improper parsing of a malformed RSVP packet. An attacker could exploit this by sending a malformed RSVP packet to be processed by an affected device, potentially causing a reload of the RSVP process. The attacker may need access to trusted, internal networks behind a firewall to send the packets and may also need to know if the device has RSVP configured.
Recommendations
For Cisco IOS XR versions 5.1 and earlier, update to a newer version that includes the fix for this issue, as confirmed by Cisco in their security notice.
Fix
DoS
RCE
Affected Products
Cisco IOS XR