Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers (cisco-sa-20130410-asr1000)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS XE Software for 1000 Series Aggregation Services Routers
(ASR) contains the following denial of service (DoS) vulnerabilities :

- Cisco IOS XE Software IPv6 Multicast Traffic Denial of
Service Vulnerability (CVE-2013-1164)

- Cisco IOS XE Software L2TP Traffic Denial of Service
Vulnerability (CVE-2013-1165)

- Cisco IOS XE Software SIP Traffic Denial of Service
Vulnerability (CVE-2013-1166)

- Cisco IOS XE Software Bridge Domain Interface Denial of
Service Vulnerability (CVE-2013-1167)

- Cisco IOS XE Software MVPNv6 Traffic Denial of Service
Vulnerability (CVE-2013-2779)

These vulnerabilities are independent of each other, meaning that a
release that is affected by one of the vulnerabilities may not be
affected by the others.

Successful exploitation of any of these vulnerabilities allows an
unauthenticated, remote attacker to trigger a reload of the Embedded
Services Processors (ESP) card or the Route Processor (RP) card,
causing an interruption of services.

Repeated exploitation could result in a sustained DoS condition.

See also :

http://www.nessus.org/u?9c363bc5

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20130410-asr1000.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 67218

Bugtraq ID: 59003, 59007, 59008, 59009, 59040

CVE ID: CVE-2013-1164, CVE-2013-1165, CVE-2013-1166, CVE-2013-1167, CVE-2013-2779