This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
A vulnerability exists in the Internet Key Exchange (IKE) protocol of
Cisco IOS Software that could allow an unauthenticated, remote attacker
to cause a memory leak that could lead to a device reload. The
vulnerability is due to incorrect handling of malformed IKE packets by
the affected software. An attacker could exploit this vulnerability by
sending crafted IKE packets to a device configured with features that
leverage IKE version 1 (IKEv1). Although IKEv1 is automatically
enabled on a Cisco IOS Software when IKEv1 or IKE version 2 (IKEv2)
is configured the vulnerability can be triggered only by sending a
malformed IKEv1 packet. In specific conditions, normal IKEv1 packets
can also cause an affected release of Cisco IOS Software to leak
memory. Only IKEv1 is affected by this vulnerability. An exploit
could cause Cisco IOS Software not to release allocated memory,
causing a memory leak. A sustained attack may result in a device
reload. Cisco has released free software updates that address this
vulnerability. There are no workarounds to mitigate this
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true
Nessus Plugin ID: 70318 ()
Bugtraq ID: 62643
CVE ID: CVE-2013-5473
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.