CVE-2014-8005

Name of the Vulnerable Software and Affected Versions Cisco IOS XR versions 5.1 and earlier

Description A race condition in the lighttpd module allows remote attackers to cause a denial of service by establishing many TCP sessions. The vulnerability is due to a race condition while handling TCP sessions to the lighttpd module on the affected device. An attacker could exploit this vulnerability by sending a number of TCP sessions to be established with the lighttpd server on the affected device, potentially allowing the attacker to cause a reload of the lighttpd process. The attacker may need access to trusted, internal networks behind a firewall to send numerous TCP sessions to the targeted device.

Recommendations For Cisco IOS XR versions 5.1 and earlier, update to a newer version that includes the fix for this issue, as confirmed by Cisco in their security notice. As a temporary workaround, consider restricting access to the lighttpd module to minimize the risk of exploitation.