CVE-2013-1143

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2 and 15.0 through 15.2 Cisco IOS XE versions 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S

Description The vulnerability in the RSVP protocol implementation allows remote attackers to cause a denial of service via a traffic engineering PATH message in an RSVP packet when MPLS-TE is enabled. Successful exploitation could allow an unauthenticated, remote attacker to cause a reload of the affected device, potentially resulting in a sustained denial of service condition.

Recommendations For Cisco IOS versions 12.2 and 15.0 through 15.2, update to a version that addresses this vulnerability. For Cisco IOS XE versions 3.1.xS through 3.4.xS, update to version 3.4.5S or later. For Cisco IOS XE versions 3.5.xS through 3.7.xS, update to version 3.7.2S or later. As a temporary workaround, consider disabling the MPLS-TE feature until a patch is available.