Vulnerability details
Advisory: SB20016052601 - Remote denial of service in Cisco IOS
Vulnerable component: Cisco IOS XR
CVE-ID: CVE-2016-1409
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:U/RC:C
CWE-ID: CWE-20 - Improper input validation
Description:
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a logic error when parsing IPv6 Neighbor Discovery (ND) packets, sent directly to the device. A remote attacker can send specially crafted IPv6 traffic to the affected device and cause the device to stop processing IPv6 traffic.
Successful exploitation of the vulnerability will result in denial of service attack.
Note: according to Cisco, this vulnerability is being exploited in the wild.