CVE-2013-1142

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-nat

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1142

Details

Source: MITRE

Published: 2013-03-28

Updated: 2020-07-28

Type: CWE-362

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:* versions from 12.2 to 12.4 (inclusive)

cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:* versions from 15.0 to 15.2 (inclusive)

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
65888Cisco IOS Software Network Address Translation Vulnerability (cisco-sa-20130327-nat)NessusCISCO
high