Code injection

2013-09-2710:08:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.5%

JSON

The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226.

CPENameOperatorVersion
ioseq15.1
ioseq15.0
ioseq12.3
ioseq12.1
ioseq12.4
ioseq12.2
ioseq12.0
ios_xeeq3.2.0-sg
ios_xeeq2.5.0
ios_xeeq2.6.1

Name	Operator	Version
ios	eq	15.1
ios	eq	15.0
ios	eq	12.3
ios	eq	12.1
ios	eq	12.4
ios	eq	12.2
ios	eq	12.0
ios_xe	eq	3.2.0-sg
ios_xe	eq	2.5.0
ios_xe	eq	2.6.1

Rows per page:

1-10 of 471

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ntp