Published: 28/12/2013 Updated: 15/09/2016

CVSS v2 Base Score: 5.4 | Impact Score: 6.9 | Exploitability Score: 4.9

VMScore: 481

Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C

Cisco IOS XE 3.7S(.1) and previous versions allows remote malicious users to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ios xe 3.5s\\(.2\\)
cisco ios xe 3.5s\\(.0\\)
cisco ios xe 3.4s\\(.2\\)
cisco ios xe 3.4s\\(.0\\)
cisco ios xe 3.1s\\(.3\\)
cisco ios xe 3.1s\\(.1\\)
cisco ios xe
cisco ios xe 3.7s\\(.0\\)
cisco ios xe 3.6s\\(.2\\)
cisco ios xe 3.6s\\(.1\\)
cisco ios xe 3.3s\\(.1\\)
cisco ios xe 3.3s\\(.0\\)
cisco ios xe 3.2s\\(.2\\)
cisco ios xe 3.2s\\(.1\\)
cisco ios xe 3.4s\\(.6\\)
cisco ios xe 3.4s\\(.5\\)
cisco ios xe 3.4s\\(.4\\)
cisco ios xe 3.4s\\(.3\\)
cisco ios xe 2.6\\(.2\\)
cisco ios xe 2.6\\(.1\\)
cisco ios xe 2.6\\(.0\\)
cisco ios xe 2.5\\(.0\\)
cisco ios xe 3.6s\\(.0\\)
cisco ios xe 3.5s\\(.1\\)
cisco ios xe 3.4s\\(.1\\)
cisco ios xe 3.3s\\(.2\\)
cisco ios xe 3.2s\\(.0\\)
cisco ios xe 3.1s\\(.2\\)
cisco ios xe 3.1s\\(.0\\)

A vulnerability in the Multiprotocol Label Switching (MPLS) IP fragmentation function of Cisco IOS XE could allow an unauthenticated, remote attacker to cause the Cisco Packet Processor to crash The vulnerability is due to input validation processing of the crafted MPLS IP packets An attacker could exploit this vulnerability by injecting specifi ...

CWE-20 http://tools.cisco.com/security/center/viewAlert.x?alertId=32281 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6981 http://www.securitytracker.com/id/1029538 http://secunia.com/advisories/56206 http://www.securityfocus.com/bid/64514 http://osvdb.org/101423 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20131224-CVE-2013-6981

CVE-2013-6981

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect