Cisco IOS XE VSS / BDF Traffic DoS (CSCug41049 / CSCue61890)

medium Nessus Plugin ID 73829

Synopsis

The remote device is affected by a denial of service vulnerability.

Description

The remote Cisco device is affected by a denial of service vulnerability in its packet driver code when handling Virtual Switching Systems (VSS) or Bidirectional Forwarding Detection (BFD) traffic. An unauthenticated, adjacent attacker can exploit this to cause a device reload.

Note that this issue only affects Cisco Catalyst 4000 Series switches.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCug41049 and CSCue61890.

See Also

https://tools.cisco.com/security/center/viewAlert.x?alertId=33558

Plugin Details

Severity: Medium

ID: 73829

File Name: cisco-sn-CVE-2014-2131-iosxe.nasl

Version: 1.10

Type: local

Family: CISCO

Published: 5/2/2014

Updated: 11/26/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 3/28/2014

Vulnerability Publication Date: 3/28/2014

Reference Information

CVE: CVE-2014-2131

BID: 66515

CISCO-BUG-ID: CSCue61890, CSCug41049