Cisco IOS Software Queue Wedge Denial of Service Vulnerability (cisco-sa-20130925-wedge)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

A vulnerability in the T1/E1 driver queue implementation of Cisco IOS
Software could allow an unauthenticated, remote attacker to cause an
interface wedge condition, which could lead to loss of connectivity,
loss of routing protocol adjacency, and could result in a denial of
service (DoS) scenario. The vulnerability is due to incorrect
implementation of the T1/E1 driver queue. An attacker could exploit
this vulnerability by sending bursty traffic through the affected
interface driver. Repeated exploitation could cause a DoS condition.
Workarounds to mitigate this vulnerability are available. Cisco has
released free software updates that address this vulnerability.

See also :

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 70323 ()

Bugtraq ID: 62645

CVE ID: CVE-2013-5477

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial