Details of VAR-201304-0412

ID

VAR-201304-0412

CVE

CVE-2013-2779

TITLE

Cisco ASR 1000 Series Cisco IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002216

DESCRIPTION

Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 MVPN (aka MVPNv6) packets, aka Bug ID CSCub34945, a different vulnerability than CVE-2013-1164. Vendors have confirmed this vulnerability Bug ID CSCub34945 It is released as. This vulnerability CVE-2013-1164 Is a different vulnerability.Fragmented by a third party IPv6 of MVPN Service disruption via packets ( Reload card ) There is the ability to be put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS XE is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attackers to cause a reload of the affected devices, denying service to legitimate users. The vulnerability stems from the fact that the program does not correctly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) function

Trust: 2.52

sources: NVD: CVE-2013-2779 // JVNDB: JVNDB-2013-002216 // CNVD: CNVD-2013-03137 // BID: 59040 // VULHUB: VHN-62781

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-03137

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.4s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0as	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.3s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.xs	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.1s	Trust: 1.0
vendor:	cisco	model:	asr 1002-x	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1006	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.xs	Trust: 1.0
vendor:	cisco	model:	asr 1023 router	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1001	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1004	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.2s	Trust: 1.0
vendor:	cisco	model:	asr 1002 fixed router	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1002	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1013	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5	Trust: 0.9
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6	Trust: 0.9
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7	Trust: 0.9
vendor:	cisco	model:	asr 1013 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1002-x router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1002 fixed router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1006 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1001 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.4	Trust: 0.8
vendor:	cisco	model:	asr 1002 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.5s	Trust: 0.8
vendor:	cisco	model:	asr 1004 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.7	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5 from 3.7.1s	Trust: 0.8
vendor:	cisco	model:	ios xe 3.4.4s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4.3s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4.2s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7.1s	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4.5s	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2013-03137 // BID: 59040 // JVNDB: JVNDB-2013-002216 // CNNVD: CNNVD-201304-193 // NVD: CVE-2013-2779

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2779
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-2779
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-03137
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201304-193
value:	HIGH
Trust: 0.6
VULHUB:	VHN-62781
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-2779
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-03137
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-62781
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-03137 // VULHUB: VHN-62781 // JVNDB: JVNDB-2013-002216 // CNNVD: CNNVD-201304-193 // NVD: CVE-2013-2779

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-62781 // JVNDB: JVNDB-2013-002216 // NVD: CVE-2013-2779

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-193

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201304-193

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002216

PATCH

title:	cisco-sa-20130410-asr1000	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000	Trust: 0.8
title:	cisco-sa-20130410-asr1000	url:	http://www.cisco.com/cisco/web/support/JP/111/1117/1117745_cisco-sa-20130410-asr1000-j.html	Trust: 0.8
title:	Cisco IOS XE Multicast Leaf Recycle Elimination Patch for Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/33274	Trust: 0.6
title:	Cisco ASR Cisco IOS XE Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164604	Trust: 0.6

sources: CNVD: CNVD-2013-03137 // JVNDB: JVNDB-2013-002216 // CNNVD: CNNVD-201304-193

EXTERNAL IDS

db:	NVD	id:	CVE-2013-2779	Trust: 3.4
db:	BID	id:	59040	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002216	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-193	Trust: 0.7
db:	CNVD	id:	CNVD-2013-03137	Trust: 0.6
db:	VULHUB	id:	VHN-62781	Trust: 0.1

sources: CNVD: CNVD-2013-03137 // VULHUB: VHN-62781 // BID: 59040 // JVNDB: JVNDB-2013-002216 // CNNVD: CNNVD-201304-193 // NVD: CVE-2013-2779

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130410-asr1000	Trust: 1.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2779	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2779	Trust: 0.8
url:	https://tools.cisco.com/bugsearch/bug/cscuj03174	Trust: 0.3
url:	http://tools.cisco.com/security/center/content/ciscosecurityresponse/cisco-sr-20130318-type4	Trust: 0.3

sources: CNVD: CNVD-2013-03137 // VULHUB: VHN-62781 // BID: 59040 // JVNDB: JVNDB-2013-002216 // CNNVD: CNNVD-201304-193 // NVD: CVE-2013-2779

CREDITS

Cisco

Trust: 0.3

sources: BID: 59040

SOURCES

db:	CNVD	id:	CNVD-2013-03137
db:	VULHUB	id:	VHN-62781
db:	BID	id:	59040
db:	JVNDB	id:	JVNDB-2013-002216
db:	CNNVD	id:	CNNVD-201304-193
db:	NVD	id:	CVE-2013-2779

LAST UPDATE DATE

2024-11-23T22:35:24.178000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-03137	date:	2013-04-16T00:00:00
db:	VULHUB	id:	VHN-62781	date:	2013-04-11T00:00:00
db:	BID	id:	59040	date:	2013-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2013-002216	date:	2013-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201304-193	date:	2021-10-08T00:00:00
db:	NVD	id:	CVE-2013-2779	date:	2024-11-21T01:52:21.097

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-03137	date:	2013-04-16T00:00:00
db:	VULHUB	id:	VHN-62781	date:	2013-04-11T00:00:00
db:	BID	id:	59040	date:	2013-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2013-002216	date:	2013-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201304-193	date:	2013-04-12T00:00:00
db:	NVD	id:	CVE-2013-2779	date:	2013-04-11T10:55:02.147