CVE-2013-1146Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-3994 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedMar 28
Latest updateMay 17

Description

The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-j6vf-c5c5-5r47: The Smart Install client functionality in Cisco IOS 122022-05-17
CVEList
CVE-2013-1146: The Smart Install client functionality in Cisco IOS 122013-03-28

📋Vendor Advisories

1
Cisco
Cisco IOS Software Smart Install Denial of Service Vulnerability2013-03-27
CVE-2013-1146 — Cisco IOS vulnerability | cvebase