CVE-2014-3322

Name of the Vulnerable Software and Affected Versions Cisco IOS XR versions 4.3.2 and earlier

Description The issue is related to improper NetFlow sampling of IP packets, which can be exploited by sending malformed IPv4 or IPv6 packets to cause a denial of service, resulting in chip and card hangs. This can lead to a lockup and eventual reload of a Network Processor chip and a line card, causing a denial of service condition. The vulnerability can be exploited by an unauthenticated, adjacent attacker who is on the same broadcast or collision domain as the targeted device. NetFlow sampling must be configured on the targeted device for the exploit to be successful.

Recommendations For Cisco IOS XR versions 4.3.2 and earlier, update to a newer version that includes the fix for this issue, as confirmed by Cisco in their security notice. As a temporary workaround, consider disabling NetFlow sampling until a patch is available. Restrict access to the device to minimize the risk of exploitation, ensuring that only trusted devices are on the same broadcast or collision domain.