—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Denial of Service Vulnerability in CISCO

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Systems Affected

Cisco IOS XR Software

Overview

A vulnerability has been reported in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly.

Target Audience: 

All IT administrators and individuals responsible for maintaining and updating in Software.

Risk Assessment:

High risk of data manipulation and service disruption.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

This vulnerability exists due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency.

Successful exploitation of this vulnerability could allow the attacker to cause the IS-IS process to restart unexpectedly, resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition.

Solution

Apply appropriate updates as mentioned in Cisco Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK

Vendor Information

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK

References

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK

CVE Name

CVE-2026-20074

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmmy0voACgkQ3jCgcSdc

ys8+Iw//c9thqgzv8RncmtHpZzrZBPKoGlTG7OB1rUv3hIgA7CBJr62X7ywHnR1x

9fWvTWnFN49FZJG0WRhEjQ4XViX8/aswbeww3SbJaYSJCYivwT/ydPxPlpnVvRtP

bNU5pYrv5tZQXv8/lLhJEQ0Wyp2iYUgk3vLfBNjhDkoGZssWrmBbd5I+VSStjEQm

bnwO602poMM5S3YZ4hZClfvuLC9h0LlAJQ6pKnlJPsIceuNotZmh1fsu5ROklVlw

pEB3xX0lzuHSMi5KgDNV7cTbIBzYUMswDnFjoFjAtHmZm68BpPbeCFF8avntyn/8

AGgdZlGSh44UuvwyxxSVvT35kPn8N1jrDlt4cjiRUmihAR57btXsFxbybKt+Jmw9

MTc2VWr25v7/H2C/c15ps7LwTjhj/W++Dq7+lygNoa6JBZ8VvvOxxNfQZh36C6AL

PMFvv/5k9PhYDykNY94NPqC4VNjXdotXxrCO3/wdl3tF4Aqu9DWGUIOmIxgdlO9G

PXYM4KBkuZRm9tnj9KMiRp88tBGyvLrdDLEQ2ZVBMiEU3jEIRa7cazxPEmea9d8n

CvMJJKyFvL3Xc1bbWmGbz2wGCe8nX2+6h+1k573t+3JaGFA/wAOdpHKR4fHMzczV

rX8kxKjKWERrwGfiCUPLZEXchuzUZ95b4LC8tPa0/KsZByZ0WRI=

=NB5A

—–END PGP SIGNATURE—–