Vulnerable Products:

This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XR Software and the management interface is configured with an IP address in the Up state.

For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory. Determine the Device Configuration To determine whether the management interface is up and has an IP address assigned, run the show interfaces MgmtEth 0/RP0/CPU0/0 command, as shown in the following example:

show interfaces MgmtEth 0/RP0/CPU0/0

MgmtEth0/RP0/CPU0/0 is up, line protocol is up Internet address is 192.0.2.254/16Products Confirmed Not Vulnerable:

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

IOS Software IOS XE Software NX-OS SoftwareIndicators of Compromise:

Due to congestion, an affected device will repeatedly drop packets from an internal queue that is associated with the ARP process. Log entries similar to the following example will appear continuously in the system log of the device:

RP/0/RP0/CPU0:2025 Sep 10 14:54:04.800 EDT: netio[408]: %PKT_INFRA-PQMON-6-QUEUE_DROP : Taildrop on XIPC queue 1 owned by arp (jid=330)Workarounds:

There are no workarounds that address this vulnerability.

Note: Local Packet Transport Services (LPTS) do not provide protection or rate-limiting for traffic received on Management Ethernet (MgmtEth) interfaces.Fixed Software:

Cisco has released free software updates ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu"] that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.

Customers may only...