ID
VAR-201310-0526
CVE
CVE-2013-5543
TITLE
Cisco ASR 1000 Runs on series devices Cisco IOS XE Service disruption in (DoS) Vulnerabilities
Trust: 0.8
DESCRIPTION
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470. Cisco ASR 1000 Runs on series devices Cisco IOS XE There is a service disruption ( Device reload ) There are vulnerabilities that are put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A security vulnerability exists in the Cisco IOS XE's Zone-Based Firewall (ZBFW) TCP or UDP functionality. Cisco IOS XE is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attackers to cause a reload of the affected devices, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtt26470
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4.0as | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4.0s | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4.1s | Trust: 1.6 |
| vendor: | cisco | model: | asr 1004 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | cisco | model: | asr 1006 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | cisco | model: | asr 1002 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | cisco | model: | asr 1023 router | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | cisco | model: | asr 1002-x | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | cisco | model: | asr 1001 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4 | Trust: 0.9 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4.2s | Trust: 0.8 |
| vendor: | cisco | model: | ios xe | scope: | lt | version: | 3.5 | Trust: 0.8 |
| vendor: | cisco | model: | asr 1002-x router | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asr 1006 router | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ios xe | scope: | lt | version: | 3.4 | Trust: 0.8 |
| vendor: | cisco | model: | asr 1001 router | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asr 1023 router | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asr 1002 router | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.5.1s | Trust: 0.8 |
| vendor: | cisco | model: | asr 1004 router | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ios xe 3.5.1s | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios xe 3.4.2s | scope: | ne | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20131030-asr1000 | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000 | Trust: 0.8 |
| title: | 31452 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=31452 | Trust: 0.8 |
| title: | cisco-sa-20131030-asr1000 | url: | http://www.cisco.com/cisco/web/support/JP/112/1120/1120847_cisco-sa-20131030-asr1000-j.html | Trust: 0.8 |
| title: | Patch for Cisco IOS XE Software Denial of Service Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/40650 | Trust: 0.6 |
| title: | Cisco IOS XE Remediation measures for denial of service vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164605 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-5543 | Trust: 3.4 |
| db: | BID | id: | 63443 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2013-004964 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201310-721 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2013-14212 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-65545 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131030-asr1000 | Trust: 2.3 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5543 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5543 | Trust: 0.8 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2013-14212 |
| db: | VULHUB | id: | VHN-65545 |
| db: | BID | id: | 63443 |
| db: | JVNDB | id: | JVNDB-2013-004964 |
| db: | CNNVD | id: | CNNVD-201310-721 |
| db: | NVD | id: | CVE-2013-5543 |
LAST UPDATE DATE
2024-11-23T22:31:22.195000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-14212 | date: | 2013-11-04T00:00:00 |
| db: | VULHUB | id: | VHN-65545 | date: | 2013-11-01T00:00:00 |
| db: | BID | id: | 63443 | date: | 2013-10-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-004964 | date: | 2013-11-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201310-721 | date: | 2021-10-08T00:00:00 |
| db: | NVD | id: | CVE-2013-5543 | date: | 2024-11-21T01:57:40.387 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-14212 | date: | 2013-11-04T00:00:00 |
| db: | VULHUB | id: | VHN-65545 | date: | 2013-10-31T00:00:00 |
| db: | BID | id: | 63443 | date: | 2013-10-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-004964 | date: | 2013-11-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201310-721 | date: | 2013-10-31T00:00:00 |
| db: | NVD | id: | CVE-2013-5543 | date: | 2013-10-31T21:55:02.830 |