CVE-2013-1166Improper Input Validation in Cisco IOS XE

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-3997 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedApr 11
Latest updateMay 13

Description

Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios_xe13 versions+12
ciscocisco/ios_xe

🔴Vulnerability Details

1
GHSA
GHSA-vrc2-g3wg-h66r: Cisco IOS XE 32022-05-13

📋Vendor Advisories

4
Red Hat
Kernel: net: information leak in AF_KEY notify2013-06-26
Cisco
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers2013-04-15
Red Hat
Kernel: net: af_key: initialize satype in key_notify_policy_flush2013-02-18
Cisco
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers

💬Community

1
Bugzilla
CVE-2013-2237 Kernel: net: af_key: initialize satype in key_notify_policy_flush2013-07-04
CVE-2013-1166 — Improper Input Validation in Cisco | cvebase