CVE-2020-26070 in Detail
The vulnerability resides in Cisco IOS XR Software, which the company describes as “a unique self-healing and self-defending operating system designed for always-on operation while scaling capacity and adding new services or features.” The affected platform is the Cisco ASR 9000 Series, carrier-class routers designed to handle large volumes of video traffic.
According to the official advisory, the flaw stems from improper resource allocation that occurs “when an affected device processes network traffic in software switching mode.” A remote attacker can trigger it by sending “specific streams of Layer 2 or Layer 3 protocol data units (PDUs)” to a vulnerable device.
If the attempt succeeds, the device runs out of buffer resources and can no longer process or forward traffic; in other words, a successful exploit results in a denial-of-service (DoS) condition. Cisco notes that the device must be reloaded to regain functionality.
CVE-2020-26070 affects Cisco ASR 9000 Series Aggregation Services Routers running a Cisco IOS XR Software release earlier than 6.7.2 or 7.1.2. The advisory confirms that the flaw does not affect Cisco IOS Software, IOS XE Software, the IOS XRv 9000 Router, or NX-OS Software.
How to determine whether your Cisco ASR 9000 router is affected
If the device logs the following message, it is experiencing buffer resource exhaustion:
%PKT_INFRA-spp-4-PKT_ALLOC_FAIL : Failed to allocate n packets for sending
The error indicates that the device cannot allocate buffer resources to forward network traffic in software switching mode. Note, however, that buffer resource exhaustion can have other causes as well, so the message alone does not prove an attack. Cisco advises customers to contact their support organization to review the error messages and determine whether the device has been affected by exploitation of this vulnerability.
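The two checks described above, the release comparison against the first fixed versions and the search for the PKT_ALLOC_FAIL symptom in syslog, can be combined into a simple triage script. The following is an added example written for this article, not code from Cisco or from the advisory. It assumes the release-train reading of the advisory (6.x fixed at 6.7.2, 7.x fixed at 7.1.2, 7.2 and later not earlier than either and so not affected), the `show version` banner format `Cisco IOS XR Software, Version X.Y.Z`, and the syslog line prefix shown in the constructed samples; the sample log lines and version output are constructed for illustration.

```python
"""Triage helper for CVE-2020-26070 on Cisco ASR 9000 (IOS XR).

Added example, not Cisco's own code: combines the two checks the advisory
text gives us, (1) is the running IOS XR release earlier than the first
fixed release, and (2) does syslog show the PKT_ALLOC_FAIL symptom.
All sample input below is constructed for illustration.
"""
import re
from typing import Optional, Tuple

# First fixed releases named in the advisory. Assumption: the 6.x train is
# fixed at 6.7.2 and the 7.x train at 7.1.2; 7.2 and later are not earlier
# than 7.1.2 and are therefore treated as not affected.
FIXED_6X = (6, 7, 2)
FIXED_7X = (7, 1, 2)

# Assumed banner format, e.g. "Cisco IOS XR Software, Version 6.5.3".
VERSION_RE = re.compile(r"Cisco IOS XR Software, Version (\d+)\.(\d+)\.(\d+)")

# Message ID from the advisory; the packet count ("n") varies per event.
ALLOC_FAIL_RE = re.compile(
    r"%PKT_INFRA-spp-4-PKT_ALLOC_FAIL\s*:\s*Failed to allocate (\d+) packets for sending"
)


def parse_xr_version(show_version: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from `show version` output, or None."""
    m = VERSION_RE.search(show_version)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def version_is_affected(ver: Tuple[int, int, int]) -> bool:
    """True if the release is earlier than 6.7.2 (6.x and older) or,
    within the 7.x train, earlier than 7.1.2."""
    if ver[0] <= 6:
        return ver < FIXED_6X
    if ver[0] == 7:
        return ver < FIXED_7X
    return False  # later trains are not earlier than either fixed release


def count_alloc_failures(syslog: str) -> int:
    """Count PKT_ALLOC_FAIL events. Each one is buffer exhaustion, which the
    advisory notes can also have causes other than this vulnerability."""
    return sum(1 for line in syslog.splitlines() if ALLOC_FAIL_RE.search(line))


def triage(show_version: str, syslog: str) -> dict:
    """Combine the version check and the symptom check into one verdict."""
    ver = parse_xr_version(show_version)
    affected = ver is not None and version_is_affected(ver)
    failures = count_alloc_failures(syslog)
    if ver is None:
        verdict = "unknown version: could not parse show version output"
    elif not affected:
        verdict = "running a fixed release"
    elif failures:
        verdict = "vulnerable release and buffer exhaustion logged: have Cisco support review"
    else:
        verdict = "vulnerable release, no symptom logged: upgrade"
    return {"version": ver, "affected": affected, "alloc_failures": failures, "verdict": verdict}


# Constructed sample input (not captured from a real device).
SAMPLE_SHOW_VERSION = (
    "Cisco IOS XR Software, Version 6.5.3\n"
    "Copyright (c) 2013-2019 by Cisco Systems, Inc.\n"
)
SAMPLE_SYSLOG = """\
RP/0/RSP0/CPU0:Nov  4 10:15:21.001 UTC: spp[142]: %PKT_INFRA-spp-4-PKT_ALLOC_FAIL : Failed to allocate 64 packets for sending
RP/0/RSP0/CPU0:Nov  4 10:15:21.400 UTC: ifmgr[213]: %PKT_INFRA-LINK-3-UPDOWN : Interface GigabitEthernet0/0/0/1, changed state to Up
RP/0/RSP0/CPU0:Nov  4 10:15:22.118 UTC: spp[142]: %PKT_INFRA-spp-4-PKT_ALLOC_FAIL : Failed to allocate 128 packets for sending
"""

if __name__ == "__main__":
    print(triage(SAMPLE_SHOW_VERSION, SAMPLE_SYSLOG))
```

Run against real `show version` and `show logging` output, the version check tells you whether an upgrade is due regardless of what the log says; the symptom count only tells you that buffer exhaustion happened, and, as Cisco's advisory stresses, the cause still has to be confirmed with the support organization.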
Last year, the company addressed several high-severity flaws in Cisco IOS and IOS XE Software. One of them affected industrial and grid routers, which considerably broadened its potential impact.