Published: 27/09/2013 Updated: 07/10/2013

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Cisco IOS 15.0 up to and including 15.3 and IOS XE 3.2 up to and including 3.8, when a VRF interface exists, allows remote malicious users to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ios 15.1
cisco ios 15.0
cisco ios 15.3
cisco ios 15.2
cisco ios xe 3.2.1s
cisco ios xe 3.2.1sg
cisco ios xe 3.2.2s
cisco ios xe 3.2.2sg
cisco ios xe 3.4.4s
cisco ios xe 3.4.5s
cisco ios xe 3.4.xs
cisco ios xe 3.5.0s
cisco ios xe 3.8.0s
cisco ios xe 3.3.1sg
cisco ios xe 3.3.2s
cisco ios xe 3.3.3s
cisco ios xe 3.4.0as
cisco ios xe 3.6.1s
cisco ios xe 3.6.2s
cisco ios xe 3.7.0s
cisco ios xe 3.7.1s
cisco ios xe 3.2.0s
cisco ios xe 3.2.0xo
cisco ios xe 3.2.3sg
cisco ios xe 3.3.0s
cisco ios xe 3.3.1s
cisco ios xe 3.4.0s
cisco ios xe 3.4.2s
cisco ios xe 3.5.2s
cisco ios xe 3.6.0s
cisco ios xe 3.2.00.xo.15.0\\(2\\)xo
cisco ios xe 3.2.0sg
cisco ios xe 3.2.4sg
cisco ios xe 3.3.0sg
cisco ios xe 3.4.1s
cisco ios xe 3.4.3s
cisco ios xe 3.5.1s
cisco ios xe 3.5.xs

A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger an interface queue wedge on the affected device The vulnerability is due to improper parsing of UDP RSVP packets An attacker could exploit this vulnerability by sending UDP ...

CWE-20 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-rsvp https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-rsvp

CVE-2013-5478

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect