ID
VAR-201310-0530
CVE
CVE-2013-5547
TITLE
Cisco ASR 1000 Runs on series devices Cisco IOS XE Service disruption in (DoS) Vulnerabilities
Trust: 0.8
DESCRIPTION
Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The attacker failed to properly handle malformed EoGRE packets. The attacker exploited this vulnerability by sending malformed IPv4 or IPv6 EoGRE packets to affected devices configured with the EoGRE interface. Successful exploits may allow an attackers to cause a reload of the affected devices, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuf08269
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.9.1s | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.9.0s | Trust: 1.6 |
| vendor: | cisco | model: | asr 1004 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | cisco | model: | asr 1006 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | cisco | model: | asr 1023 router | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | cisco | model: | asr 1002 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | cisco | model: | asr 1002-x | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | cisco | model: | asr 1001 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | cisco | model: | asr 1002-x router | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asr 1006 router | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asr 1001 router | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asr 1023 router | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.9.2s | Trust: 0.8 |
| vendor: | cisco | model: | ios xe | scope: | lt | version: | 3.9 | Trust: 0.8 |
| vendor: | cisco | model: | asr 1002 router | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asr 1004 router | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ios xe | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20131030-asr1000 | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000 | Trust: 0.8 |
| title: | 31456 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=31456 | Trust: 0.8 |
| title: | cisco-sa-20131030-asr1000 | url: | http://www.cisco.com/cisco/web/support/JP/112/1120/1120847_cisco-sa-20131030-asr1000-j.html | Trust: 0.8 |
| title: | Patch for Cisco IOS XE TCP Segment Reassembly Denial of Service Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/40652 | Trust: 0.6 |
| title: | Cisco IOS XE EoGRE Remediation measures for denial of service vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164608 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-5547 | Trust: 3.4 |
| db: | BID | id: | 63439 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2013-004967 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201310-724 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2013-14210 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-65549 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131030-asr1000 | Trust: 2.3 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5547 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5547 | Trust: 0.8 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2013-14210 |
| db: | VULHUB | id: | VHN-65549 |
| db: | BID | id: | 63439 |
| db: | JVNDB | id: | JVNDB-2013-004967 |
| db: | CNNVD | id: | CNNVD-201310-724 |
| db: | NVD | id: | CVE-2013-5547 |
LAST UPDATE DATE
2024-11-23T22:39:04.535000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-14210 | date: | 2013-11-04T00:00:00 |
| db: | VULHUB | id: | VHN-65549 | date: | 2013-11-01T00:00:00 |
| db: | BID | id: | 63439 | date: | 2013-10-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-004967 | date: | 2013-11-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201310-724 | date: | 2021-10-08T00:00:00 |
| db: | NVD | id: | CVE-2013-5547 | date: | 2024-11-21T01:57:40.837 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-14210 | date: | 2013-11-04T00:00:00 |
| db: | VULHUB | id: | VHN-65549 | date: | 2013-10-31T00:00:00 |
| db: | BID | id: | 63439 | date: | 2013-10-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-004967 | date: | 2013-11-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201310-724 | date: | 2013-10-31T00:00:00 |
| db: | NVD | id: | CVE-2013-5547 | date: | 2013-10-31T21:55:02.893 |