This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
Cisco IOS XE Software for 1000 Series Aggregation Services Routers
(ASR) contains the following denial of service (DoS) vulnerabilities :
- Cisco IOS XE Software IPv6 Multicast Traffic Denial of
Service Vulnerability (CVE-2013-1164)
- Cisco IOS XE Software L2TP Traffic Denial of Service
- Cisco IOS XE Software SIP Traffic Denial of Service
- Cisco IOS XE Software Bridge Domain Interface Denial of
Service Vulnerability (CVE-2013-1167)
- Cisco IOS XE Software MVPNv6 Traffic Denial of Service
These vulnerabilities are independent of each other, meaning that a
release that is affected by one of the vulnerabilities may not be
affected by the others.
Successful exploitation of any of these vulnerabilities could allow an
unauthenticated, remote attacker to trigger a reload of the Embedded
Services Processors (ESP) card or the Route Processor (RP) card, causing
an interruption of services.
Repeated exploitation could result in a sustained DoS condition.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true