A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core (VPC) systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or potentially execute arbitrary code.
The vulnerability is due to unsafe code generation by the ASN1C compiler when creating ASN.1 translation functions that are subsequently included within affected Cisco products. An attacker could exploit this vulnerability by submitting a malicious Abstract Syntax Notation One (ASN.1) encoded message designed to trigger the issue to an affected function.
US-CERT has released Vulnerability Note VU#790839 to document the issue.
Cisco will release software updates that address this vulnerability.
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160721-asn1c