CVE-2013-1167

Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558.

Published: Apr 11, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1167
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
cisco / ios_xe	3.2.00.xo.15.0(2)xo	3.2.00.xo.15.0(2)xo.x
cisco / ios_xe	3.2.0s	3.2.0s.x
cisco / ios_xe	3.2.0sg	3.2.0sg.x
cisco / ios_xe	3.2.0xo	3.2.0xo.x
cisco / ios_xe	3.2.1s	3.2.1s.x
cisco / ios_xe	3.2.1sg	3.2.1sg.x
cisco / ios_xe	3.2.2s	3.2.2s.x
cisco / ios_xe	3.2.2sg	3.2.2sg.x
cisco / ios_xe	3.2.3sg	3.2.3sg.x
cisco / ios_xe	3.2.4sg	3.2.4sg.x
cisco / ios_xe	3.3.0s	3.3.0s.x
cisco / ios_xe	3.3.0sg	3.3.0sg.x
cisco / ios_xe	3.3.1s	3.3.1s.x
cisco / ios_xe	3.3.1sg	3.3.1sg.x
cisco / ios_xe	3.3.2s	3.3.2s.x
cisco / ios_xe	3.3.3s	3.3.3s.x
cisco / ios_xe	3.4.0as	3.4.0as.x
cisco / ios_xe	3.4.0s	3.4.0s.x
cisco / ios_xe	3.4.1s	3.4.1s.x
cisco / ios_xe	3.5.0s	3.5.0s.x
cisco / ios_xe	3.5.1s	3.5.1s.x
cisco / ios_xe	3.5.2s	3.5.2s.x
cisco / ios_xe	3.5.xs	3.5.xs.x

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

Vulnerability Database

289,599

CVE-2013-1167