Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers (cisco-sa-20130410-asr1000)

High Nessus Plugin ID 67218

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of service (DoS) vulnerabilities:

- Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability (CVE-2013-1164)

- Cisco IOS XE Software L2TP Traffic Denial of Service Vulnerability (CVE-2013-1165)

- Cisco IOS XE Software SIP Traffic Denial of Service Vulnerability (CVE-2013-1166)

- Cisco IOS XE Software Bridge Domain Interface Denial of Service Vulnerability (CVE-2013-1167)

- Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability (CVE-2013-2779)

These vulnerabilities are independent of each other, meaning that a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of any of these vulnerabilities allows an unauthenticated, remote attacker to trigger a reload of the Embedded Services Processors (ESP) card or the Route Processor (RP) card, causing an interruption of services.

Repeated exploitation could result in a sustained DoS condition.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20130410-asr1000.

See Also

http://www.nessus.org/u?9c363bc5

Plugin Details

Severity: High

ID: 67218

File Name: cisco-sa-20130410-asr1000-iosxe.nasl

Version: 1.6

Type: local

Family: CISCO

Published: 2013/07/10

Modified: 2018/07/06

Dependencies: 67217

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/04/15

Vulnerability Publication Date: 2013/04/10

Reference Information

CVE: CVE-2013-1164, CVE-2013-1165, CVE-2013-1166, CVE-2013-1167, CVE-2013-2779

BID: 59003, 59007, 59008, 59009, 59040