Cisco IOS With OSPF, MPLS VPN, Sup32, Sup720 or RSP720 Denial of Service Vulnerability
Multiple Cisco products running Cisco IOS (Internetwork Operating System) with OSPF (Open Shortest Path First) or MPLS VPN (Multi Protocol Label Switching Virtual Private Networking) are prone to a denial-of-service vulnerability caused by a blocked queue, a memory leak, or a restart of the device.
An attacker can exploit this issue to prevent any traffic from entering affected devices, causing denial-of-service conditions for legitimate users.
The following devices are affected:
Cisco Catalyst 6500 Series devices with the Sup32, Sup720, Sup720-3B, or Sup720-3BXL
Cisco 7600 Series devices with the Sup32, Sup720, Sup720-3B, or Sup720-3BXL
Cisco 7600 Series devices with the RSP720, RSP720-3C, or RSP720-3CXL
Cisco ME 6524 Ethernet Switch
Some Cisco IOS branches based on 12.2 are vulnerable only when combined with hardware based on specific Catalyst Supervisor Engines (Sup32, Sup720, or RSP720) and configured with MPLS VPN and OSPF sham-link.
NOTE: OSPF and MPLS VPN are not enabled by default.