This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
Cisco IOS XE Software for 1000 Series Aggregation Services Routers
(ASR) contains the following denial of service (DoS) vulnerabilities :
- Cisco IOS XE Software IPv6 Multicast Traffic Denial of
Service Vulnerability (CVE-2013-1164)
- Cisco IOS XE Software L2TP Traffic Denial of Service
- Cisco IOS XE Software SIP Traffic Denial of Service
- Cisco IOS XE Software Bridge Domain Interface Denial of
Service Vulnerability (CVE-2013-1167)
- Cisco IOS XE Software MVPNv6 Traffic Denial of Service
These vulnerabilities are independent of each other, meaning that a
release that is affected by one of the vulnerabilities may not be
affected by the others.
Successful exploitation of any of these vulnerabilities allows an
unauthenticated, remote attacker to trigger a reload of the Embedded
Services Processors (ESP) card or the Route Processor (RP) card,
causing an interruption of services.
Repeated exploitation could result in a sustained DoS condition.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true