Published: 28/03/2013 Updated: 29/03/2013

CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6

VMScore: 632

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 up to and including 15.2 and IOS XE 3.1.xS up to and including 3.4.xS prior to 3.4.5S and 3.5.xS up to and including 3.7.xS prior to 3.7.2S, when MPLS-TE is enabled, allows remote malicious users to cause a denial of service (incorrect memory access and device reload) via a traffic engineering PATH message in an RSVP packet, aka Bug ID CSCtg39957.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ios 15.1
cisco ios 15.0
cisco ios 15.0\\(1\\)se
cisco ios 15.3
cisco ios 12.2
cisco ios 15.2
cisco ios xe 3.4.0s
cisco ios xe 3.4.1s
cisco ios xe 3.4.2s
cisco ios xe 3.4.3s
cisco ios xe 3.1.0s
cisco ios xe 3.1.2s
cisco ios xe 3.2.2s
cisco ios xe 3.3.3s
cisco ios xe 3.3.1s
cisco ios xe 3.1.3s
cisco ios xe 3.1.4s
cisco ios xe 3.2.0s
cisco ios xe 3.2.1s
cisco ios xe 3.1.1s
cisco ios xe 3.3.2s
cisco ios xe 3.3.0s
cisco ios xe 3.5.1s
cisco ios xe 3.5.0s
cisco ios xe 3.5.2s

The Resource Reservation Protocol (RSVP) feature in Cisco IOS Software and Cisco IOS XE Software contains a vulnerability when used on a device that has Multiprotocol Label Switching with Traffic Engineering (MPLS-TE) enabled Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a reload of the affec ...

CWE-119 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1143 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-rsvp https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-rsvp

CVE-2013-1143

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect