Lucene search

CiscoCISCO-SA-20131002-IOSXR

HistoryOct 02, 2013 - 4:00 p.m.

Cisco IOS XR Software Memory Exhaustion Vulnerability

2013-10-0216:00:00

tools.cisco.com

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.002

Percentile

53.2%

JSON

Cisco IOS XR Software version 4.3.1 contains a vulnerability that could result in complete packet memory exhaustion. Successful exploitation could render critical services on the affected device unable to allocate packets resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131002-iosxr[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131002-iosxr”]

Affected configurations

Vulners

Node

ciscoios_xr_softwareMatchany

VendorProductVersionCPE
ciscoios_xr_softwareanycpe:2.3:o:cisco:ios_xr_software:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xr_software	any	cpe:2.3:o:cisco:ios_xr_software:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131002-iosxr

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.002

Percentile

53.2%

JSON

Related for CISCO-SA-20131002-IOSXR