CVE-2013-1148

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S

Description The General Responder implementation in the IP Service Level Agreement (SLA) feature contains a vulnerability in the validation of IP SLA packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition via crafted IPv4 or IPv6 IP SLA packets on UDP port 1167.

Recommendations For Cisco IOS 15.2, update to a version that addresses this vulnerability. For IOS XE 3.1.xS through 3.4.xS, update to 3.4.5S or later. For IOS XE 3.5.xS through 3.7.xS, update to 3.7.2S or later. As a temporary workaround, consider restricting access to UDP port 1167 to minimize the risk of exploitation.