var-201304-0269
Vulnerability from variot
Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A security vulnerability exists in Cisco IOS XE software that allows unauthenticated remote attackers to conduct denial of service attacks. This vulnerability is triggered by traffic that passes through or is targeted to the affected device. Successful exploits may allow an attackers to cause a reload of the affected devices, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCtz97563 and CSCub34945
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0269",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.5.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.4.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.4.0as"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.6.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.4.3s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.4.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.4.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.4,
"vendor": "cisco",
"version": "3.5"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.4,
"vendor": "cisco",
"version": "3.6"
},
{
"model": "asr 1006",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 1013",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 1001",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 1004",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 1002",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 1002-x",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3.4"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.7"
},
{
"model": "asr 1013 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 1002-x router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 1006 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "3.4"
},
{
"model": "asr 1001 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 1002 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 1004 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.4.4s"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03004"
},
{
"db": "BID",
"id": "59003"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002219"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-183"
},
{
"db": "NVD",
"id": "CVE-2013-1164"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:asr_1001_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:asr_1002_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:asr_1002-x_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:asr_1004_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:asr_1006_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:asr_1013_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:ios_xe",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002219"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "59003"
}
],
"trust": 0.3
},
"cve": "CVE-2013-1164",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-1164",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-03004",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-61166",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-1164",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-1164",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-03004",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-183",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-61166",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03004"
},
{
"db": "VULHUB",
"id": "VHN-61166"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002219"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-183"
},
{
"db": "NVD",
"id": "CVE-2013-1164"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A security vulnerability exists in Cisco IOS XE software that allows unauthenticated remote attackers to conduct denial of service attacks. This vulnerability is triggered by traffic that passes through or is targeted to the affected device. \nSuccessful exploits may allow an attackers to cause a reload of the affected devices, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug IDs CSCtz97563 and CSCub34945",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1164"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002219"
},
{
"db": "CNVD",
"id": "CNVD-2013-03004"
},
{
"db": "BID",
"id": "59003"
},
{
"db": "VULHUB",
"id": "VHN-61166"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-1164",
"trust": 3.4
},
{
"db": "BID",
"id": "59003",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002219",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-183",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-03004",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-61166",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03004"
},
{
"db": "VULHUB",
"id": "VHN-61166"
},
{
"db": "BID",
"id": "59003"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002219"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-183"
},
{
"db": "NVD",
"id": "CVE-2013-1164"
}
]
},
"id": "VAR-201304-0269",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03004"
},
{
"db": "VULHUB",
"id": "VHN-61166"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03004"
}
]
},
"last_update_date": "2024-11-23T22:31:27.571000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20130410-asr1000",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000"
},
{
"title": "28814",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28814"
},
{
"title": "cisco-sa-20130410-asr1000",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/111/1117/1117745_cisco-sa-20130410-asr1000-j.html"
},
{
"title": "Cisco IOS XE IPv6 Multicast Communication Handling Patch for Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/33252"
},
{
"title": "Cisco 1000 ASR Cisco IOS XE Fix for design error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164600"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03004"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002219"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-183"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002219"
},
{
"db": "NVD",
"id": "CVE-2013-1164"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130410-asr1000"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1164"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1164"
},
{
"trust": 0.3,
"url": "https://tools.cisco.com/bugsearch/bug/cscuj03174"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03004"
},
{
"db": "VULHUB",
"id": "VHN-61166"
},
{
"db": "BID",
"id": "59003"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002219"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-183"
},
{
"db": "NVD",
"id": "CVE-2013-1164"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-03004"
},
{
"db": "VULHUB",
"id": "VHN-61166"
},
{
"db": "BID",
"id": "59003"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002219"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-183"
},
{
"db": "NVD",
"id": "CVE-2013-1164"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-03004"
},
{
"date": "2013-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-61166"
},
{
"date": "2013-04-10T00:00:00",
"db": "BID",
"id": "59003"
},
{
"date": "2013-04-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002219"
},
{
"date": "2013-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-183"
},
{
"date": "2013-04-11T10:55:01.873000",
"db": "NVD",
"id": "CVE-2013-1164"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-03004"
},
{
"date": "2013-04-15T00:00:00",
"db": "VULHUB",
"id": "VHN-61166"
},
{
"date": "2013-04-10T00:00:00",
"db": "BID",
"id": "59003"
},
{
"date": "2013-04-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002219"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-183"
},
{
"date": "2024-11-21T01:49:01.663000",
"db": "NVD",
"id": "CVE-2013-1164"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-183"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ASR 1000 Series Cisco IOS XE Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002219"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-183"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.