CVE-2013-5480Improper Input Validation in Cisco IOS

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedSep 27
Latest updateMay 17

Description

The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-9662-9hfv-c3vr: The DNS-over-TCP implementation in Cisco IOS 122022-05-17
CVEList
CVE-2013-5480: The DNS-over-TCP implementation in Cisco IOS 122013-09-27

📋Vendor Advisories

1
Cisco
Cisco IOS Software Network Address Translation Vulnerabilities2013-09-25
CVE-2013-5480 — Improper Input Validation in Cisco IOS | cvebase