Details of VAR-201304-0269

ID

VAR-201304-0269

CVE

CVE-2013-1164

TITLE

Cisco ASR 1000 Series Cisco IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002219

DESCRIPTION

Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A security vulnerability exists in Cisco IOS XE software that allows unauthenticated remote attackers to conduct denial of service attacks. This vulnerability is triggered by traffic that passes through or is targeted to the affected device. Successful exploits may allow an attackers to cause a reload of the affected devices, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCtz97563 and CSCub34945

Trust: 2.52

sources: NVD: CVE-2013-1164 // JVNDB: JVNDB-2013-002219 // CNVD: CNVD-2013-03004 // BID: 59003 // VULHUB: VHN-61166

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-03004

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0as	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.3s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5	Trust: 1.4
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6	Trust: 1.4
vendor:	cisco	model:	asr 1006	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1013	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1001	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1004	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1002	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1002-x	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4	Trust: 0.9
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7	Trust: 0.8
vendor:	cisco	model:	asr 1013 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1002-x router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1006 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.4	Trust: 0.8
vendor:	cisco	model:	asr 1001 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1002 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1004 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.4s	Trust: 0.8

sources: CNVD: CNVD-2013-03004 // BID: 59003 // JVNDB: JVNDB-2013-002219 // CNNVD: CNNVD-201304-183 // NVD: CVE-2013-1164

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1164
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1164
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-03004
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201304-183
value:	HIGH
Trust: 0.6
VULHUB:	VHN-61166
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1164
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-03004
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-61166
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-03004 // VULHUB: VHN-61166 // JVNDB: JVNDB-2013-002219 // CNNVD: CNNVD-201304-183 // NVD: CVE-2013-1164

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-DesignError	Trust: 0.8

sources: JVNDB: JVNDB-2013-002219 // NVD: CVE-2013-1164

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-183

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201304-183

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002219

PATCH

title:	cisco-sa-20130410-asr1000	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000	Trust: 0.8
title:	28814	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=28814	Trust: 0.8
title:	cisco-sa-20130410-asr1000	url:	http://www.cisco.com/cisco/web/support/JP/111/1117/1117745_cisco-sa-20130410-asr1000-j.html	Trust: 0.8
title:	Cisco IOS XE IPv6 Multicast Communication Handling Patch for Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/33252	Trust: 0.6
title:	Cisco 1000 ASR Cisco IOS XE Fix for design error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164600	Trust: 0.6

sources: CNVD: CNVD-2013-03004 // JVNDB: JVNDB-2013-002219 // CNNVD: CNNVD-201304-183

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1164	Trust: 3.4
db:	BID	id:	59003	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002219	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-183	Trust: 0.7
db:	CNVD	id:	CNVD-2013-03004	Trust: 0.6
db:	VULHUB	id:	VHN-61166	Trust: 0.1

sources: CNVD: CNVD-2013-03004 // VULHUB: VHN-61166 // BID: 59003 // JVNDB: JVNDB-2013-002219 // CNNVD: CNNVD-201304-183 // NVD: CVE-2013-1164

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130410-asr1000	Trust: 2.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1164	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1164	Trust: 0.8
url:	https://tools.cisco.com/bugsearch/bug/cscuj03174	Trust: 0.3

sources: CNVD: CNVD-2013-03004 // VULHUB: VHN-61166 // BID: 59003 // JVNDB: JVNDB-2013-002219 // CNNVD: CNNVD-201304-183 // NVD: CVE-2013-1164

CREDITS

Cisco

Trust: 0.3

sources: BID: 59003

SOURCES

db:	CNVD	id:	CNVD-2013-03004
db:	VULHUB	id:	VHN-61166
db:	BID	id:	59003
db:	JVNDB	id:	JVNDB-2013-002219
db:	CNNVD	id:	CNNVD-201304-183
db:	NVD	id:	CVE-2013-1164

LAST UPDATE DATE

2024-11-23T22:31:27.571000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-03004	date:	2013-04-15T00:00:00
db:	VULHUB	id:	VHN-61166	date:	2013-04-15T00:00:00
db:	BID	id:	59003	date:	2013-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-002219	date:	2013-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201304-183	date:	2021-10-08T00:00:00
db:	NVD	id:	CVE-2013-1164	date:	2024-11-21T01:49:01.663

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-03004	date:	2013-04-15T00:00:00
db:	VULHUB	id:	VHN-61166	date:	2013-04-11T00:00:00
db:	BID	id:	59003	date:	2013-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-002219	date:	2013-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201304-183	date:	2013-04-12T00:00:00
db:	NVD	id:	CVE-2013-1164	date:	2013-04-11T10:55:01.873