CVE-2013-5549 — Race Condition in Cisco IOS XR

CWE-362 — Race Condition4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.4%

top 39.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XR

Timeline

PublishedOct 25

Latest updateMay 17

Description

Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCuh30380.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/ios_xr16 versions+15

🔴Vulnerability Details

GHSA

GHSA-rmqj-585g-98v7: Cisco IOS XR 3↗2022-05-17

▶

CVEList

CVE-2013-5549: Cisco IOS XR 3↗2013-10-25

▶

📋Vendor Advisories

Cisco

Cisco IOS XR Software Route Processor Denial of Service Vulnerability↗2013-10-23

▶