CVE-2013-5476

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.1 through 15.2

Description The issue is related to the Zone-Based Firewall (ZFW) feature in Cisco IOS, specifically when content filtering or HTTP ALG inspection is enabled. It allows remote attackers to cause a denial of service, resulting in a device reload or hang, via crafted IPv4 HTTP traffic. The vulnerability is due to improper processing of specific HTTP packets. An attacker could exploit this by sending specific HTTP packets through an affected device, causing it to hang or reload.

Recommendations For Cisco IOS versions 15.1 through 15.2, update to a version that includes the software updates released by Cisco to address this issue. As a temporary workaround, consider disabling the content filtering or HTTP ALG inspection features until a patch is available. Restrict access to the Zone-Based Firewall component to minimize the risk of exploitation. Avoid using the HTTP application layer gateway (ALG) inspection feature in the affected API endpoints until the issue is resolved.