Published: 27/03/2014 Updated: 23/05/2017

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Cisco IOS 15.1 up to and including 15.3 and IOS XE 3.3 and 3.5 prior to 3.5.2E; 3.7 prior to 3.7.5S; and 3.8, 3.9, and 3.10 prior to 3.10.2S allow remote malicious users to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ios xe 3.10.1s
cisco ios xe 3.10.1s1
cisco ios xe 3.7.1s
cisco ios xe 3.7.2s
cisco ios xe 3.5.0s
cisco ios xe 3.5.1s
cisco ios xe 3.3s\\(.0\\)
cisco ios xe 3.3s\\(.1\\)
cisco ios xe 3.3s\\(.2\\)
cisco ios xe 3.10
cisco ios xe 3.10.0s
cisco ios xe 3.8s\\(.2\\)
cisco ios xe 3.7.0s
cisco ios xe 3.5s\\(.1\\)
cisco ios xe 3.5s\\(.2\\)
cisco ios xe 3.3.2s
cisco ios xe 3.3.3s
cisco ios xe 3.9.0s
cisco ios xe 3.9.1s
cisco ios xe 3.8.0s
cisco ios xe 3.7s\\(.0\\)
cisco ios xe 3.7s\\(.1\\)
cisco ios xe 3.3.0s
cisco ios xe 3.3.0sg
cisco ios 15.3
cisco ios 15.2
cisco ios xe 3.8s\\(.0\\)
cisco ios xe 3.8s\\(.1\\)
cisco ios xe 3.5.xs
cisco ios xe 3.5s\\(.0\\)
cisco ios xe 3.3.1s
cisco ios xe 3.3.1sg
cisco ios 15.1

A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause I/O memory depletion on an affected device that has IPv6 enabled The vulnerability is triggered when an affected device processes a malformed IPv6 packet Cisco ha ...

CWE-20 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ipv6 http://www.securityfocus.com/bid/66467 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ipv6

CVE-2014-2113

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect