CVE-2013-5503 : The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote

The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.

Published 2013-10-02 22:55:24

Updated 2013-10-03 17:58:08

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2013-5503

Probability of exploitation activity in the next 30 days: 0.13%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 46 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-5503

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2013-5503

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-5503

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131002-iosxr

Cisco IOS XR Software Memory Exhaustion Vulnerability
Vendor Advisory

Products affected by CVE-2013-5503

Cisco » Ios Xr » Version: 4.3.1
cpe:2.3:o:cisco:ios_xr:4.3.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-5503

Exploit prediction scoring system (EPSS) score for CVE-2013-5503

CVSS scores for CVE-2013-5503

CWE ids for CVE-2013-5503

References for CVE-2013-5503

Products affected by CVE-2013-5503