Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers (cisco-sa-20130410-asr1000)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS XE Software for 1000 Series Aggregation Services Routers
(ASR) contains the following denial of service (DoS) vulnerabilities :

- Cisco IOS XE Software IPv6 Multicast Traffic Denial of
Service Vulnerability (CVE-2013-1164)

- Cisco IOS XE Software L2TP Traffic Denial of Service
Vulnerability (CVE-2013-1165)

- Cisco IOS XE Software SIP Traffic Denial of Service
Vulnerability (CVE-2013-1166)

- Cisco IOS XE Software Bridge Domain Interface Denial of
Service Vulnerability (CVE-2013-1167)

- Cisco IOS XE Software MVPNv6 Traffic Denial of Service
Vulnerability (CVE-2013-2779)

These vulnerabilities are independent of each other, meaning that a
release that is affected by one of the vulnerabilities may not be
affected by the others.

Successful exploitation of any of these vulnerabilities could allow an
unauthenticated, remote attacker to trigger a reload of the Embedded
Services Processors (ESP) card or the Route Processor (RP) card, causing
an interruption of services.

Repeated exploitation could result in a sustained DoS condition.

See also :

http://www.nessus.org/u?9c363bc5

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20130410-asr1000.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 67218

Bugtraq ID: 59003, 59007, 59008, 59009, 59040

CVE ID: CVE-2013-1164, CVE-2013-1165, CVE-2013-1166, CVE-2013-1167, CVE-2013-2779