CVE-2014-3379

Name of the Vulnerable Software and Affected Versions Cisco IOS XR versions 5.1 and earlier

Description The issue allows remote attackers to cause a denial of service via a malformed MPLS packet. It is due to insufficient logic in parsing MPLS packets, which could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a network processor unit and a line card, leading to a denial of service condition. To exploit this, an attacker must have access to the same broadcast or collision domain as the targeted device and the device must be configured to process MPLS packets.

Recommendations For Cisco IOS XR versions 5.1 and earlier, update to a newer version that includes the fix for this issue, as confirmed by Cisco in a security notice and released software updates. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation, especially focusing on limiting the ability of attackers to send malformed MPLS packets to the affected device.