CVE-2013-5472Improper Input Validation in Cisco IOS

CWE-20Improper Input ValidationCWE-3994 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.4%
top 39.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedSep 27
Latest updateMay 17

Description

The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios7 versions+6
NVDcisco/ios_xe40 versions+39

🔴Vulnerability Details

2
GHSA
GHSA-v6fm-cxxx-62h6: The NTP implementation in Cisco IOS 122022-05-17
CVEList
CVE-2013-5472: The NTP implementation in Cisco IOS 122013-09-27

📋Vendor Advisories

1
Cisco
Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability2013-09-25
CVE-2013-5472 — Improper Input Validation in Cisco IOS | cvebase