Severity
7.8HIGHNVD
EPSS
0.9%
top 25.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 17
Latest updateMay 17
Description
Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957.
CVSS vector
AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9