CVE-2013-1241

Name of the Vulnerable Software and Affected Versions Cisco IOS on ISR G2 routers (affected versions not specified)

Description The issue arises from the improper handling of authentication-header packets by the ISM module in Cisco IOS on ISR G2 routers. This allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets. The vulnerability is due to improper processing of malformed authentication header packets. An attacker could exploit this by sending a stream of malformed authentication header packets over an established IPsec security association, causing a reload of the affected module and resulting in a denial of service (DoS) condition for IPsec traffic. The attacker must first authenticate to the targeted system to send the malformed packets, limiting the possibility of a successful exploit.

Recommendations To resolve the issue, customers are advised to review the bug reports in the "Vendor Announcements" section for a current list of affected versions and apply the available software updates. At the moment, there is no information about a newer version that contains a fix for this vulnerability.