Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers |
Informations | |||
---|---|---|---|
Name | cisco-sa-20131030-asr1000 | First vendor Publication | 2013-10-30 |
Vendor | Cisco | Last vendor Modification | 2013-10-30 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of service (DoS) vulnerabilities: Cisco IOS XE Software Malformed ICMP Packet Denial of Service Vulnerability Cisco IOS XE Software PPTP Traffic Denial of Service Vulnerability Cisco IOS XE Software TCP Segment Reassembly Denial of Service Vulnerability Cisco IOS XE Software Malformed EoGRE Packet Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the embedded services processors (ESP) card or the route processor (RP) card, causing an interruption of services. Repeated exploitation could result in a sustained DoS condition. Note: Cisco IOS Software and Cisco IOS-XR Software are not affected by these vulnerabilities. Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000 BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.20 (Darwin) iF4EAREKAAYFAlJw9GgACgkQUddfH3/BbTrMlAD/SV+qri1wZW1g+vZJHrrvQXaR aWEgfYfj/8/moCIOQhMA/25x0feNJQYqWiCEobiPwbwYWdU0U3Pa9w8iRFEOhOiz =s6zR END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-11-07 | IAVM : 2013-A-0206 - Cisco IOS XE Denial of Service Vulnerabilities Severity : Category I - VMSKEY : V0041647 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-11-07 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20131030-asr1000-iosxe.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 10:22:12 |
|
2013-11-12 13:18:52 |
|
2013-11-01 21:23:32 |
|
2013-10-30 21:19:44 |
|