Thursday 12 November 2020
The impact of this issue announcement is critical. Please act accordingly to rectify the issue, as stated below.
Cisco ASR 9000 Series Aggregation Services Routers if they are running a Cisco IOS XR Software release earlier than release 6.7.3 or 7.1.2.
What you need to know:
Cisco has released a security update to patch CVE-2020-26070, a vulnerability in the ingress packet processing function of its IOS XR software for Cisco ASR 9000 Series Aggregation Services Routers. The flaw could allow an unauthenticated remote attacker to cause a denial-of-service when exploited.
Actions to be taken:
Customers are advised to install the appropriate software maintenance upgrade as shown in the “fixed releases” table in Cisco’s Security Update for CVE-2020-26070 (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cp-dos-ej8VB9QY).