Vulnerable component: Cisco IOS XR
CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:U/RC:C
CWE-ID: CWE-20 - Improper Input Validation
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a logic error when parsing IPv6 Neighbor Discovery (ND) packets, sent directly to the device. A remote attacker can send specially crafted IPv6 traffic to the affected device and cause the device to stop processing IPv6 traffic.
Successful exploitation of the vulnerability will result in denial of service attack.
Note: according to Cisco, this vulnerability is being exploited in the wild.