CVE-2013-5545 — Improper Input Validation in Cisco IOS XE

CWE-20 — Improper Input Validation CWE-3994 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 37.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE

Timeline

PublishedOct 31

Latest updateMay 13

Description

The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/ios_xe3.9.0s, 3.9.1s+1

🔴Vulnerability Details

GHSA

GHSA-2r8v-24rx-6584: The PPTP ALG implementation in Cisco IOS XE 3↗2022-05-13

▶

CVEList

CVE-2013-5545: The PPTP ALG implementation in Cisco IOS XE 3↗2013-10-31

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers↗2013-10-30

▶