-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20150730-asr1k

Revision 1.0

For Public Release 2015 July 30 16:00  UTC (GMT)

+-----------------------------------------------------------------------

Summary
=======
A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a crash of the Embedded Services Processor (ESP) processing the packet.

The vulnerability is due to improper processing of crafted, fragmented packets. An attacker could exploit this vulnerability by sending a crafted sequence of fragmented packets. An exploit could allow the attacker to cause a reload of the affected platform.

Cisco has released software updates that address this vulnerability.

There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVbpKZIpI1I6i1Mx3AQIXNBAAsL6aoaOpHNE2zK2WcW3pYgnqUkX67X0K
cavUKGkmOfimpZVv803qjKwLNIaBZRwZHRaHn6gMgvJp28DikDaG5cgGXfi77hxq
3t3JlT6bB6CD99vQmRRVjRDnJCKwpTlw7E+VpqPCQdG/4AglpKq1d7VkcZKfhZih
8H0/XY8FWM0x3mfcX7Hv+he1r6ckvXHixtmWWujYt7l6FO54LpECgNkivst730V9
pMaMQaThMIhuljBJVyt3sn57tXMKrV1Fsh4Tir8S2cDrmIQ/kYz09emg8Uxeotpp
YM0RoLQoS1SL/49rmCbH6TM4+gv2TNgDKWJIgk47BUZZE8DB9sReBH+cNnetG5J9
dt/+03tVbZ7vADgkfEey0niKQp/Vi400ExGR80FtR9vVoabQBZP2Sy5T0G4KJE+r
E6icqfP+keu2ovoEf7IxSBDvDa+0DzXckHz6i8gvi21iJQFRhdjsdWk5OkAomEys
rQYTkcpe15UE1WR0xURwEEayN5sXsd0iO0X6f19cdHWSbGe2VMn+1PS3198GKHz1
AYk2NqMBU9tT9M6gH1RmsqNvMBK5zhRuLaJwu5AlFhJkdjZQ7LplMjw0hm2hBqJ2
TetaGNLryB6Av3co13qWUPgTRRjmeiQ1C1Q10KHYJBkwsDty82F6RNvwmcCLq/jp
fFoIfOhaFso=
=bOtY
-----END PGP SIGNATURE-----