Cisco IOS XE Software TFTP DoS

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by a denial of service vulnerability.

Description :

A vulnerability in the flow manager code in Cisco IOS XE could allow a
remote, unauthenticated attacker to trigger a denial of service
condition resulting in a crash of the device by sending specially
generated TFTP UDP traffic.

It should be noted that this plugin merely checks for an affected IOS XE
version and does not attempt to perform any additional validity checks.

See also :

http://www.nessus.org/u?7c603643

Solution :

Apply the relevant patch referenced in the Cisco Security Notice.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 71924 ()

Bugtraq ID: 64062

CVE ID: CVE-2013-6704