Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability
Monitor | 7.4 | cisco-sa-isis-dos-kDMxpSzK | Mar 11, 2026
Cisco
IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in the IS-IS routing protocol implementation in Cisco IOS XR Software allows an unauthenticated attacker who is Layer 2-adjacent (on the same network segment) to send crafted IS-IS packets that cause the IS-IS process to crash. This results in a temporary loss of routing connectivity and a denial of service condition. The IS-IS protocol must be configured on the affected device, and the attacker must successfully form an IS-IS adjacency before sending the malicious packets.
What this means
What could happen
An attacker on the same network segment (Layer 2-adjacent) can crash the IS-IS routing process on your Cisco router, temporarily disrupting routing and network connectivity to any networks advertised by that device.
Who's at risk
Network operators running Cisco IOS XR on routers in edge or access network positions where they connect to untrusted or external networks, or where IS-IS adjacencies are formed across potentially hostile network segments. This is most critical for service provider networks and enterprise WAN routers.
How it could be exploited
An attacker who is directly connected to the same network segment (Layer 2-adjacent) forms an IS-IS adjacency with your router, then sends specially crafted IS-IS protocol packets that trigger a crash in the IS-IS process. This causes routing to fail until the process restarts.
Prerequisites
- Layer 2 adjacency (attacker must be on the same physical network segment or VLAN)
- No authentication required
- IS-IS routing must be configured and running on the device
remotely exploitable (Layer 2 adjacent) | no authentication required | low complexity | affects routing stability | no workarounds available
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
IOS XR Software | All versions | Fix available
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
HOTFIX: Update Cisco IOS XR Software to the patched version provided by Cisco for your hardware platform and release track
CVEs (1)