CVE-2013-1167Path Traversal in Cisco IOS XE

CWE-22Path TraversalCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-3994 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.3%
top 48.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedApr 11
Latest updateMay 13

Description

Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios_xe23 versions+22
ciscocisco/ios_xe

🔴Vulnerability Details

1
GHSA
GHSA-j4xj-pqpq-7cfq: Cisco IOS XE 32022-05-13

📋Vendor Advisories

2
Cisco
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers2013-04-15
Cisco
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
CVE-2013-1167 — Path Traversal in Cisco IOS XE | cvebase