CVE-2013-5546 — Improper Input Validation in Cisco IOS XE

CWE-20 — Improper Input ValidationCWE-3994 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedOct 31
Latest updateMay 13

Description

The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

â–¶NVDcisco/ios_xe4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-cq3m-3v79-qmrp: The TCP reassembly feature in Cisco IOS XE 3↗2022-05-13
â–¶
CVEList
CVE-2013-5546: The TCP reassembly feature in Cisco IOS XE 3↗2013-10-31
â–¶

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers↗2013-10-30
â–¶
CVE-2013-5546 — Improper Input Validation in Cisco | cvebase