CVE-2014-2113Improper Input Validation in Cisco IOS

CWE-20Improper Input Validation5 documents5 sources
Severity
7.8HIGHNVD
EPSS
1.1%
top 21.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedMar 27
Latest updateMay 17

Description

Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios15.1, 15.2, 15.3+2
NVDcisco/ios_xe30 versions+29

🔴Vulnerability Details

2
GHSA
GHSA-2xwj-cxrx-46h4: Cisco IOS 152022-05-17
CVEList
CVE-2014-2113: Cisco IOS 152014-03-27

📋Vendor Advisories

2
CISA ICS
Rockwell Automation Stratix 59002017-05-10
Cisco
Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability2014-03-26
CVE-2014-2113 — Improper Input Validation in Cisco IOS | cvebase