Advisory ID: cisco-sa-20160104-iosxr CVE ID: CVE-2015-6432 CWE ID: CWE-399 CVSS Score: - Base: 5.0 - Temporal: 4.1 Risk Level: Medium Initial Published: 2016 January 4 13:30 GMT Last Updated: 2016 January 14 21:39 GMT Version: 1.1 Workarounds Available: Yes Vulnerability Overview: A vulnerability exists in Cisco IOS XR software related to the processing of OSPF (Open Shortest Path First) Link-State Advertisements (LSAs), which could allow an unauthenticated remote attacker to cause a denial-of-service (DoS) condition on the device. Root Cause: This vulnerability occurs when an excessive number of OSPF Path Computation Elements (PCEs) are configured to update OSPF LSA opaque areas. An attacker can exploit this vulnerability by sending forged OSPF LSA updates to affected devices running vulnerable software and OSPF configuration. Successful exploitation may cause the device to restart the OSPF process upon receiving the forged LSA updates, resulting in a DoS condition. Affected Products: Cisco IOS XR software versions 4.1.1, 4.2.0, 4.2.3, 4.3.0, 4.3.2, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 are vulnerable. Attack Indicators: The vulnerability may cause the affected device to reboot and generate a core dump file for the OSPF process. To determine if the device was compromised due to this vulnerability, Cisco Technical Assistance Center (TAC) should review the core file. Mitigation: To avoid exploitation, ensure that no more than 10 PCEs are configured within a single OSPF domain. Fixed Software: When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Response Archive and review subsequent advisories to determine exposure and complete upgrade paths. Public Disclosure: Cisco Product Security Incident Response Team (PSIRT) has not identified any public disclosures or malicious exploitation related to the vulnerability described in this advisory.