Bad error message handling has opened up Cisco's IOS-XE versions prior to 3.13S to a remote denial-of-service (DoS) attack.
The company's threat advisory hints that the exploit was brought to Cisco's attention by an independent researcher, since it states that "functional exploit code exists; however, the code is not known to be publicly available."
IOS XE is a Linux daemon version of the Borg's operating system that abstracts routing functions away from platform-specific interfaces.
The problem Cisco has now patched deals with how the daemon triggers error messages for packets it can't reassemble. "When an affected device fails to successfully perform reassembly, instead of silently dropping the fragments, the ATTN-3-SYNC_TIMEOUT error message may be triggered," it explains.
The resulting consumption of CPU resources could, Cisco says, cause queued processes to halt. "An attacker could trigger this vulnerability by sending a series of IPv4 or IPv6 fragments, that are designed to trigger the error message, directly to the affected device."
IOS-XE users should get in touch with Cisco to get their hands on updates. ®