Vulnerability CVE-2013-2779


Published: 2013-04-11

Description:
Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 MVPN (aka MVPNv6) packets, aka Bug ID CSCub34945, a different vulnerability than CVE-2013-1164.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Cisco IOS XE Software for 1000 Series Multiple Vulnerabilities
Cisco
10.04.2013

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Cisco -> Asr 1001 router 
Cisco -> Asr 1002-x router 
Cisco -> Asr 1002 fixed router 
Cisco -> Asr 1002 router 
Cisco -> Asr 1004 router 
Cisco -> Asr 1006 router 
Cisco -> Asr 1013 router 
Cisco -> Asr 1023 router 
Cisco -> Ios xe 

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

Copyright 2024, cxsecurity.com

 

Back to Top