## Critical Vulnerability Information - **Vulnerability Title**: Cisco IOS XR Software Route Processor Denial of Service Vulnerability - **Severity**: High - **CVE ID**: CVE-2013-5549 - **CVSS Score**: Base 7.1, Temporal 5.9 - **Affected Products**: - Cisco IOS XR Software Releases 3.3.0 to 4.2.0 - Specific Route Processor models include: - Cisco CRS-1 Distributed Route Processor (DRP-B) - Cisco CRS-1 16-Slot Line Card Chassis Route Processor (CRS-16-RP) - Cisco CRS-1 8-Slot Line Card Chassis Route Processor (CRS-8-RP) - Cisco CRS-1 16-Slot Line Card Chassis Route Processor B (CRS-16-RP-B) - Cisco CRS Series 4/8-Slot Line Card Chassis Performance Route Processor (CRS-8-PRP-12G, CRS-8-PRP-6G) - Cisco CRS Series 16-Slot Performance Route Processor (CRS-16-PRP-12G, CRS-16-PRP-6G) - **Vulnerability Description**: This vulnerability arises from improper handling of fragmented packets, which may cause the Cisco CRS Route Processor to fail in properly forwarding packets, resulting in a Denial of Service (DoS) condition. - **CVE ID**: CVE-2013-5549 - **CWE ID**: CWE-362 - **Workarounds**: None - **Fixes**: Cisco has released software updates to address this vulnerability. Users are advised to consult the Cisco Security Advisories, Responses, and Notices archive to ensure sufficient memory is available after upgrading and to confirm that the current hardware and software configuration will continue to be supported by the new version. - **Disclaimer**: This document is provided "AS IS" without any express or implied warranties.