CVE-2013-5473Missing Release of Memory after Effective Lifetime in Cisco IOS

CWE-3994 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedSep 27
Latest updateMay 17

Description

Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios12.2, 15.1, 15.2+2
NVDcisco/ios_xe5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-h37x-f8c4-gxqv: Memory leak in Cisco IOS 122022-05-17
CVEList
CVE-2013-5473: Memory leak in Cisco IOS 122013-09-27

📋Vendor Advisories

1
Cisco
Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability2013-09-25
CVE-2013-5473 — Cisco IOS vulnerability | cvebase