---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Severe Vulnerability in Cisco IOS XR Software'
version: '1.0'
number: '2021-010'
date: 'February 12, 2021'
---

_History:_

* _11/02/2021 --- v1.0 -- Initial publication_

# Summary

Cisco has published an advisory about severe vulnerability affecting Cisco Cisco IOS XR Software. These vulnerabilities could allow an unauthenticated, remote attacker to cause a **denial of service (DoS) condition** on an affected device. Cisco is not aware of any malicious exploit in the wild [1].

# Technical Details

The vulnerability is being tracked as CVE-2020-26070 and received CVSS - score of 8.6. It is triggered by improper resource allocation that occurs when an affected device processes network traffic in software switching mode. Hackers can weaponise the vulnerability by sending specific streams of Layer 3 or Layer 3 protocol data units (PDUs) to a vulnerable device [1,2].

If the attempt is successful, this could cause the machine to run out of buffer resources, making it unable to process or forward traffic. Successful exploit could lead to a denial-of-service (DoS) condition and and according to Cisco, device restart is needed [1].

When a device is experiencing buffer resources exhaustion, the following message may be seen in the system logs [1]:

	%PKT_INFRA-spp-4-PKT_ALLOC_FAIL : Failed to allocate n packets for sending

This error message indicates that the device is not able to allocate buffer resources and forward network traffic in software switching mode [1,3].

# Affected products

The vulnerability CVE-2020-26070 affects [1]:

* Cisco ASR 9000 Series Aggregation Services Routers
* Cisco Network Convergence System (NCS) 5000 Series Routers

# Recommendations

Cisco has released free software updates that address the vulnerability described in the advisory.

It is recommended to install updates for the affected software.

# References

[1] <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cp-dos-ej8VB9QY#fs>

[2] <https://sensorstechforum.com/cve-2020-26070-cisco-asr-routers-flaw/>

[3] <https://threatpost.com/high-severity-cisco-dos-flaw-asr-routers/161115/>