Vulnerability CVE-2013-1164


Published: 2013-04-11

Description:
Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Cisco IOS XE Software for 1000 Series Multiple Vulnerabilities
Cisco
10.04.2013

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Cisco -> Ios xe 
Cisco -> Asr 1001 router 
Cisco -> Asr 1002-x router 
Cisco -> Asr 1002 router 
Cisco -> Asr 1004 router 
Cisco -> Asr 1006 router 
Cisco -> Asr 1013 router 

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

Copyright 2024, cxsecurity.com

 

Back to Top