CVE-2013-1164Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS XE

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-399CWE-20Improper Input Validation7 documents4 sources
Severity
7.8HIGHNVD
OSV2.6
EPSS
0.4%
top 37.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OpenldapCisco IOS XE
Timeline
PublishedApr 11
Latest updateMay 13

Description

Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

NVDcisco/ios_xe15 versions+14
ciscocisco/ios_xe
Ubuntuopenldap/openldap< 2.4.31-1+nmu2ubuntu8.1

🔴Vulnerability Details

3
GHSA
GHSA-r6qj-7q64-h7gp: Cisco IOS XE 32022-05-13
GHSA
GHSA-42fj-5wgr-vp3x: Cisco IOS XE 32022-05-13
OSV
openldap vulnerabilities2015-05-26

📋Vendor Advisories

2
Cisco
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers2013-04-15
Cisco
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
CVE-2013-1164 — Cisco IOS XE vulnerability | cvebase