Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers (cisco-sa-20131030-asr1000)

high Nessus Plugin ID 70784

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of service (DoS) vulnerabilities:

- Cisco IOS XE Software TCP Segment Reassembly Denial of Service Vulnerability (CVE-2013-5543)

- Cisco IOS XE Software Malformed EoGRE Packet Denial of Service Vulnerability (CVE-2013-5545)

- Cisco IOS XE Software Malformed ICMP Packet Denial of Service Vulnerability (CVE-2013-5546)

- Cisco IOS XE Software PPTP Traffic Denial of Service Vulnerability (CVE-2013-5547)

These vulnerabilities are independent of each other. A release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of any of these vulnerabilities allows an unauthenticated, remote attacker to trigger a reload of the Embedded Services Processors (ESP) card or the Route Processor (RP) card, which causes an interruption of services.

Repeated exploitation can result in a sustained DoS condition.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20131030-asr1000.

See Also

http://www.nessus.org/u?91b80ea8

Plugin Details

Severity: High

ID: 70784

File Name: cisco-sa-20131030-asr1000-iosxe.nasl

Version: 1.11

Type: local

Family: CISCO

Published: 11/7/2013

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/30/2013

Vulnerability Publication Date: 10/30/2013

Reference Information

CVE: CVE-2013-5543, CVE-2013-5545, CVE-2013-5546, CVE-2013-5547

BID: 63436, 63439, 63443, 63444