ID
VAR-201312-0288
CVE
CVE-2013-6981
TITLE
Cisco IOS XE Software MPLS IP Fragmentation Denial of Service Vulnerability
Trust: 1.5
sources:
CNVD: CNVD-2013-15580 //
BID: 64514 //
CNNVD: CNNVD-201312-506
DESCRIPTION
Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The vulnerability is that there is an input verification error when processing a specially crafted MPLS IP packet. The attacker can use this vulnerability to inject a special MPLS IP packet to trigger the vulnerability. Successful exploits will allow attackers to cause the CPP process to crash, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCul00709
Trust: 2.52
sources:
NVD: CVE-2013-6981 //
JVNDB: JVNDB-2013-005724 //
CNVD: CNVD-2013-15580 //
BID: 64514 //
VULHUB: VHN-66983
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2013-15580
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.6\(.1\) | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.1s\(.0\) | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.1s\(.2\) | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.6\(.2\) | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.6\(.0\) | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.2s\(.2\) | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.2s\(.0\) | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.5\(.0\) | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.1s\(.3\) | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.1s\(.1\) | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4s\(.1\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4s\(.4\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.5s\(.2\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | lte | version: | 3.7s\(.1\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.5s\(.0\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6s\(.0\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.3s\(.2\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4s\(.3\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.3s\(.0\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.2s\(.1\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.5s\(.1\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6s\(.1\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.7s\(.0\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4s\(.6\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6s\(.2\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4s\(.5\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.3s\(.1\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4s\(.0\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4s\(.2\) | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | lte | version: | 3.7s(.1) | Trust: 0.8 |
| vendor: | cisco | model: | ios xe software | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2013-15580 //
JVNDB: JVNDB-2013-005724 //
CNNVD: CNNVD-201312-506 //
NVD: CVE-2013-6981
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2013-15580 //
VULHUB: VHN-66983 //
JVNDB: JVNDB-2013-005724 //
CNNVD: CNNVD-201312-506 //
NVD: CVE-2013-6981
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
sources:
VULHUB: VHN-66983 //
JVNDB: JVNDB-2013-005724 //
NVD: CVE-2013-6981
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201312-506
TYPE
input validation
Trust: 0.6
sources:
CNNVD: CNNVD-201312-506
CONFIGURATIONS
sources:
JVNDB: JVNDB-2013-005724
PATCH
| title: | Cisco IOS XE Crafted MPLS IP Fragmentation Denial of Service Vulnerability | url: | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6981 | Trust: 0.8 |
| title: | 32281 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=32281 | Trust: 0.8 |
| title: | Patch for Cisco IOS XE Software MPLS IP Fragmentation Denial of Service Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/42002 | Trust: 0.6 |
sources:
CNVD: CNVD-2013-15580 //
JVNDB: JVNDB-2013-005724
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-6981 | Trust: 3.4 |
| db: | BID | id: | 64514 | Trust: 2.6 |
| db: | SECUNIA | id: | 56206 | Trust: 1.7 |
| db: | SECTRACK | id: | 1029538 | Trust: 1.1 |
| db: | OSVDB | id: | 101423 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2013-005724 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201312-506 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2013-15580 | Trust: 0.6 |
| db: | CISCO | id: | 20131224 CISCO IOS XE CRAFTED MPLS IP FRAGMENTATION DENIAL OF SERVICE VULNERABILITY | Trust: 0.6 |
| db: | VULHUB | id: | VHN-66983 | Trust: 0.1 |
sources:
CNVD: CNVD-2013-15580 //
VULHUB: VHN-66983 //
BID: 64514 //
JVNDB: JVNDB-2013-005724 //
CNNVD: CNNVD-201312-506 //
NVD: CVE-2013-6981
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6981 | Trust: 2.3 |
| url: | http://www.securityfocus.com/bid/64514 | Trust: 1.7 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=32281 | Trust: 1.7 |
| url: | http://secunia.com/advisories/56206 | Trust: 1.7 |
| url: | http://osvdb.org/101423 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id/1029538 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6981 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6981 | Trust: 0.8 |
| url: | https://tools.cisco.com/bugsearch/bug/cscul00709 | Trust: 0.6 |
| url: | www.cisco.com | Trust: 0.3 |
sources:
CNVD: CNVD-2013-15580 //
VULHUB: VHN-66983 //
BID: 64514 //
JVNDB: JVNDB-2013-005724 //
CNNVD: CNNVD-201312-506 //
NVD: CVE-2013-6981
CREDITS
Cisco
Trust: 0.9
sources:
BID: 64514 //
CNNVD: CNNVD-201312-506
SOURCES
| db: | CNVD | id: | CNVD-2013-15580 |
| db: | VULHUB | id: | VHN-66983 |
| db: | BID | id: | 64514 |
| db: | JVNDB | id: | JVNDB-2013-005724 |
| db: | CNNVD | id: | CNNVD-201312-506 |
| db: | NVD | id: | CVE-2013-6981 |
LAST UPDATE DATE
2024-11-23T22:31:21.787000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-15580 | date: | 2013-12-27T00:00:00 |
| db: | VULHUB | id: | VHN-66983 | date: | 2016-09-15T00:00:00 |
| db: | BID | id: | 64514 | date: | 2013-12-26T10:10:00 |
| db: | JVNDB | id: | JVNDB-2013-005724 | date: | 2014-01-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-201312-506 | date: | 2013-12-27T00:00:00 |
| db: | NVD | id: | CVE-2013-6981 | date: | 2024-11-21T02:00:06.040 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-15580 | date: | 2013-12-26T00:00:00 |
| db: | VULHUB | id: | VHN-66983 | date: | 2013-12-28T00:00:00 |
| db: | BID | id: | 64514 | date: | 2013-12-24T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-005724 | date: | 2014-01-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-201312-506 | date: | 2013-12-27T00:00:00 |
| db: | NVD | id: | CVE-2013-6981 | date: | 2013-12-28T04:53:06.740 |