CVE-2013-6693Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-164 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.4%
top 41.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedNov 22
Latest updateMay 17

Description

The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345.

CVSS vector

AV:N/AC:H/C:N/I:N/A:CExploitability: 4.9 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios15.3\(3\)s+2

🔴Vulnerability Details

2
GHSA
GHSA-8439-8j33-xpx5: The MLDP implementation in Cisco IOS 152022-05-17
CVEList
CVE-2013-6693: The MLDP implementation in Cisco IOS 152013-11-22

📋Vendor Advisories

1
Cisco
Cisco IOS Software MLDP Denial of Service Vulnerability2013-11-21
CVE-2013-6693 — Cisco IOS vulnerability | cvebase