Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers (cisco-sa-20131030-asr1000)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS XE Software for 1000 Series Aggregation Services Routers
(ASR) contains the following denial of service (DoS) vulnerabilities :

- Cisco IOS XE Software TCP Segment Reassembly Denial of
Service Vulnerability (CVE-2013-5543)

- Cisco IOS XE Software Malformed EoGRE Packet Denial of
Service Vulnerability (CVE-2013-5545)

- Cisco IOS XE Software Malformed ICMP Packet Denial of
Service Vulnerability (CVE-2013-5546)

- Cisco IOS XE Software PPTP Traffic Denial of Service
Vulnerability (CVE-2013-5547)

These vulnerabilities are independent of each other; a release that is
affected by one of the vulnerabilities may not be affected by the
others.

Successful exploitation of any of these vulnerabilities could allow an
unauthenticated, remote attacker to trigger a reload of the Embedded
Services Processors (ESP) card or the Route Processor (RP) card, which
could cause an interruption of services.

Repeated exploitation could result in a sustained DoS condition.

See also :

http://www.nessus.org/u?be931de5

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20131030-asr1000.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 70784

Bugtraq ID: 63436, 63439, 63443, 63444

CVE ID: CVE-2013-5543, CVE-2013-5545, CVE-2013-5546, CVE-2013-5547