CVE-2015-0695

Name of the Vulnerable Software and Affected Versions Cisco IOS XR versions 4.3.4 through 5.3.0

Description The issue is due to improper handling of bridge-group virtual interface (BVI) traffic when certain features are configured, such as Unicast Reverse Path Forwarding (uRPF), policy-based routing (PBR), quality of service (QoS), or access control lists (ACLs). This allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering the use of a BVI interface for IPv4 packets. Only Typhoon-based line cards on Cisco ASR 9000 Series Aggregation Services Routers are affected.

Recommendations For Cisco IOS XR versions 4.3.4 through 5.3.0, update to a fixed software version to address the vulnerability. As a temporary workaround, consider disabling the features that trigger the vulnerability, such as uRPF, PBR, QoS, or ACLs, until a patch is available. Restrict access to the BVI interface to minimize the risk of exploitation.