This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
Cisco IOS XE Software for 1000 Series Aggregation Services Routers
(ASR) contains the following denial of service (DoS) vulnerabilities :
- Cisco IOS XE Software TCP Segment Reassembly Denial of
Service Vulnerability (CVE-2013-5543)
- Cisco IOS XE Software Malformed EoGRE Packet Denial of
Service Vulnerability (CVE-2013-5545)
- Cisco IOS XE Software Malformed ICMP Packet Denial of
Service Vulnerability (CVE-2013-5546)
- Cisco IOS XE Software PPTP Traffic Denial of Service
These vulnerabilities are independent of each other. A release that is
affected by one of the vulnerabilities may not be affected by the
Successful exploitation of any of these vulnerabilities allows an
unauthenticated, remote attacker to trigger a reload of the Embedded
Services Processors (ESP) card or the Route Processor (RP) card, which
causes an interruption of services.
Repeated exploitation can result in a sustained DoS condition.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.8
Public Exploit Available : false
Nessus Plugin ID: 70784 ()
Bugtraq ID: 63436634396344363444
CVE ID: CVE-2013-5543CVE-2013-5545CVE-2013-5546CVE-2013-5547
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.