PT-2014-1320 · Cisco · Cisco Ios Xe+1
Published
2014-03-26
·
Updated
2017-05-23
·
CVE-2014-2113
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco IOS versions 15.1 through 15.3
Cisco IOS XE versions 3.3 and 3.5 before 3.5.2E
Cisco IOS XE versions 3.7 before 3.7.5S
Cisco IOS XE versions 3.8, 3.9, and 3.10 before 3.10.2S
Description
A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause I/O memory depletion on an affected device that has IPv6 enabled. The vulnerability is triggered when an affected device processes a malformed IPv6 packet.
Recommendations
For Cisco IOS versions 15.1 through 15.3, update to a fixed version.
For Cisco IOS XE versions 3.3 and 3.5 before 3.5.2E, update to version 3.5.2E or later.
For Cisco IOS XE versions 3.7 before 3.7.5S, update to version 3.7.5S or later.
For Cisco IOS XE versions 3.8, 3.9, and 3.10 before 3.10.2S, update to version 3.10.2S or later.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Ios
Cisco Ios Xe