CVE-2013-2779Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS XE

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-399CWE-20Improper Input Validation5 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedApr 11
Latest updateMay 13

Description

Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 MVPN (aka MVPNv6) packets, aka Bug ID CSCub34945, a different vulnerability than CVE-2013-1164.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios_xe15 versions+14
ciscocisco/ios_xe

🔴Vulnerability Details

1
GHSA
GHSA-42fj-5wgr-vp3x: Cisco IOS XE 32022-05-13

💥Exploits & PoCs

1
Exploit-DB
vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities2013-08-02

📋Vendor Advisories

2
Cisco
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers2013-04-15
Cisco
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
CVE-2013-2779 — Cisco IOS XE vulnerability | cvebase