CVE-2013-1143Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.9%
top 24.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedMar 28
Latest updateMay 17

Description

The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S, when MPLS-TE is enabled, allows remote attackers to cause a denial of service (incorrect memory access and device reload) via a traffic engineering PATH message in an RSVP packet, aka Bug ID CSCtg39957.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios6 versions+5
NVDcisco/ios_xe19 versions+18

🔴Vulnerability Details

2
GHSA
GHSA-7h84-jx3h-jh5g: The RSVP protocol implementation in Cisco IOS 122022-05-17
CVEList
CVE-2013-1143: The RSVP protocol implementation in Cisco IOS 122013-03-28

📋Vendor Advisories

1
Cisco
Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability2013-03-27
CVE-2013-1143 — Cisco IOS vulnerability | cvebase