Cisco IOS XE Software TFTP DoS

high Nessus Plugin ID 71924

Synopsis

The remote device is affected by a denial of service vulnerability.

Description

A vulnerability in the flow manager code in Cisco IOS XE could allow a remote, unauthenticated attacker to trigger a denial of service condition resulting in a crash of the device by sending specially generated TFTP UDP traffic.

It should be noted that this plugin merely checks for an affected IOS XE version and does not attempt to perform any additional validity checks.

Solution

Apply the relevant patch referenced in the Cisco Security Notice.

See Also

http://www.nessus.org/u?a4ee9aeb

Plugin Details

Severity: High

ID: 71924

File Name: cisco-sn-20136704-iosxe.nasl

Version: 1.4

Type: combined

Family: CISCO

Published: 1/13/2014

Updated: 5/3/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 12/3/2013

Vulnerability Publication Date: 12/3/2013

Reference Information

CVE: CVE-2013-6704

BID: 64062

CISCO-BUG-ID: CSCty42686, CSCuh09324