Lucene search

CiscoCISCO-SA-20130925-NAT

HistorySep 25, 2013 - 4:00 p.m.

Cisco IOS Software Network Address Translation Vulnerabilities

2013-09-2516:00:00

tools.cisco.com

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

49.5%

JSON

The Cisco IOS Software implementation of the network address translation (NAT) feature contains three vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat”]

Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication.

Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html[“http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html”]

Affected configurations

Vulners

Node

ciscoiosMatch12.2sxi

ciscoiosMatch15.0m

ciscoiosMatch15.1t

ciscoiosMatch15.1xb

ciscoiosMatch15.3t

ciscoiosMatch15.1m

ciscoiosMatch15.1gc

ciscoiosMatch15.0sy

ciscoiosMatch12.2sxj

ciscoiosMatch15.2m

ciscoiosMatch15.2gc

ciscoiosMatch15.2e

ciscoiosMatch15.2jb

ciscoiosMatch15.2jax

ciscoiosMatch15.3ja

ciscoiosMatch15.6t

ciscoiosMatch12.2\(33\)sxi7

ciscoiosMatch15.0\(1\)m6

ciscoiosMatch15.0\(1\)m7

ciscoiosMatch15.0\(1\)m6a

ciscoiosMatch15.1\(3\)t2

ciscoiosMatch15.1\(3\)t3

ciscoiosMatch15.1\(2\)t4

ciscoiosMatch15.1\(3\)t

ciscoiosMatch15.1\(3\)t1

ciscoiosMatch15.1\(3\)t4

ciscoiosMatch15.1\(4\)xb4

ciscoiosMatch15.1\(4\)xb5

ciscoiosMatch15.1\(4\)xb6

ciscoiosMatch15.1\(4\)xb5a

ciscoiosMatch15.1\(4\)xb7

ciscoiosMatch15.1\(4\)xb8

ciscoiosMatch15.1\(4\)xb8a

ciscoiosMatch15.3\(1\)t

ciscoiosMatch15.3\(2\)t

ciscoiosMatch15.3\(1\)t1

ciscoiosMatch15.1\(4\)m3

ciscoiosMatch15.1\(4\)m

ciscoiosMatch15.1\(4\)m1

ciscoiosMatch15.1\(4\)m2

ciscoiosMatch15.1\(4\)m6

ciscoiosMatch15.1\(4\)m5

ciscoiosMatch15.1\(4\)m4

ciscoiosMatch15.1\(4\)m0a

ciscoiosMatch15.1\(4\)m0b

ciscoiosMatch15.1\(4\)m3a

ciscoiosMatch15.1\(4\)gc

ciscoiosMatch15.1\(4\)gc1

ciscoiosMatch15.0\(1\)sy

ciscoiosMatch12.2\(33\)sxj1

ciscoiosMatch15.2\(4\)m

ciscoiosMatch15.2\(4\)m1

ciscoiosMatch15.2\(4\)m2

ciscoiosMatch15.2\(4\)m3

ciscoiosMatch15.2\(1\)gc

ciscoiosMatch15.2\(1\)gc1

ciscoiosMatch15.2\(1\)gc2

ciscoiosMatch15.2\(2\)gc

ciscoiosMatch15.2\(3\)gc

ciscoiosMatch15.2\(3\)gc1

ciscoiosMatch15.2\(4m\)e1

ciscoiosMatch15.2\(2\)jb1

ciscoiosMatch15.2\(2\)jb

ciscoiosMatch15.2\(2\)jax

ciscoiosMatch15.3\(3\)ja8

ciscoiosMatch15.6\(2\)t

CPENameOperatorVersion
ioseq12.2SXI
ioseq15.0M
ioseq15.1T
ioseq15.1XB
ioseq15.3T
ioseq15.1M
ioseq15.1GC
ioseq15.0SY
ioseq12.2SXJ
ioseq15.2M

Name	Operator	Version
ios	eq	12.2SXI
ios	eq	15.0M
ios	eq	15.1T
ios	eq	15.1XB
ios	eq	15.3T
ios	eq	15.1M
ios	eq	15.1GC
ios	eq	15.0SY
ios	eq	12.2SXJ
ios	eq	15.2M

Rows per page:

1-10 of 661

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

49.5%

JSON

Related for CISCO-SA-20130925-NAT