Vigil@nce - Cisco ASR: denial of service via PMIPv6
December 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A remote attacker can send malicious PMIPv6 packets to Cisco ASR,
in order to trigger a denial of service.
Impacted products: Cisco ASR.
Severity: 2/4.
Creation date: 20/10/2015.
DESCRIPTION OF THE VULNERABILITY
The Cisco ASR product offers a Proxy Mobile with IPv6
implementation.
However, a PMIPv6 packet with a malicious header restarts the
hamgr process.
A remote attacker can therefore send malicious PMIPv6 packets to
Cisco ASR, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-ASR-denial-of-service-via-PMIPv6-18137