CVE-2015-4205

Name of the Vulnerable Software and Affected Versions Cisco IOS XR version 5.3.1

Description The issue is related to errors in resource management, allowing a remote attacker to cause a denial of service by sending crafted IEEE 802.3x flow-control PAUSE frames. This can lead to a Network Processing Unit (NPU) chip reset and potentially a reload of the affected line card. The vulnerability is due to improper processing of crafted IEEE 802.3x flow control pause frames. An attacker must have access to the same broadcast or collision domain as the targeted device to exploit this vulnerability.

Recommendations For Cisco IOS XR version 5.3.1, update to a newer version that includes the fix for this issue, as confirmed by Cisco. As a temporary workaround, consider restricting access to the local network to minimize the risk of exploitation. Avoid using crafted IEEE 802.3x flow control pause frames on the affected device until the issue is resolved.