CVE-2013-2779

2013-04-1110:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cisco

cve-2013-2779

ios xe

aggregation services routers

denial of service

vulnerability

security

bug id

ipv6

mvpn

cscub34945

6.8 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

49.2%

JSON

Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 MVPN (aka MVPNv6) packets, aka Bug ID CSCub34945, a different vulnerability than CVE-2013-1164.

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq3.4.0as
cisco:ios_xecisco ios xeeq3.4.0s
cisco:ios_xecisco ios xeeq3.4.1s
cisco:ios_xecisco ios xeeq3.4.2s
cisco:ios_xecisco ios xeeq3.4.3s
cisco:ios_xecisco ios xeeq3.4.4s
cisco:ios_xecisco ios xeeq3.4.xs
cisco:ios_xecisco ios xeeq3.5.0s
cisco:ios_xecisco ios xeeq3.5.1s
cisco:ios_xecisco ios xeeq3.5.2s

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	eq	3.4.0as
cisco:ios_xe	cisco ios xe	eq	3.4.0s
cisco:ios_xe	cisco ios xe	eq	3.4.1s
cisco:ios_xe	cisco ios xe	eq	3.4.2s
cisco:ios_xe	cisco ios xe	eq	3.4.3s
cisco:ios_xe	cisco ios xe	eq	3.4.4s
cisco:ios_xe	cisco ios xe	eq	3.4.xs
cisco:ios_xe	cisco ios xe	eq	3.5.0s
cisco:ios_xe	cisco ios xe	eq	3.5.1s
cisco:ios_xe	cisco ios xe	eq	3.5.2s