Cisco IOS XR Software Route Processor Denial of Service Vulnerability (cisco-sa-20131023-iosxr)

High | Nessus Plugin ID 71438

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Cisco IOS XR Software Releases 3.3.0 to 4.2.0 contain a vulnerability in the handling of fragmented packets that could result in a denial of service (DoS) condition on the Cisco CRS Route Processor cards listed in the 'Affected Products' section of this advisory. Because fragmented packets are handled improperly, the route processor that processes them could become unable to transmit packets to the fabric. Customers who are running version 4.2.1 or later of Cisco IOS XR Software, or who have previously installed the Software Maintenance Upgrades (SMU) for Cisco bug ID CSCtz62593, are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20131023-iosxr.

See Also

http://www.nessus.org/u?15a5e418

Plugin Details

Severity: High

ID: 71438

File Name: cisco-sa-20131023-iosxr.nasl

Version: 1.7

Type: combined

Family: CISCO

Published: 12/14/2013

Updated: 4/8/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2013-5549

Vulnerability Information

CPE: cpe:/o:cisco:ios_xr

Required KB Items: Host/Cisco/IOS-XR/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/23/2013

Vulnerability Publication Date: 10/23/2013

Reference Information

CVE: CVE-2013-5549

BID: 63298

CISCO-SA: cisco-sa-20131023-iosxr

CISCO-BUG-ID: CSCuh30380