CVE-2013-6704

Name of the Vulnerable Software and Affected Versions Cisco IOS XE (affected versions not specified)

Description The issue arises from improper memory management for TFTP UDP flows, allowing remote attackers to cause a denial of service through memory consumption. This can be achieved via TFTP client or server traffic. An attacker could exploit this by starting a local TFTP transaction or requesting a TFTP file operation when the device is configured as a TFTP server, causing the flow manager to hold UDP sessions in its table. This leads to decreased memory and potentially results in system instability or a crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.