Vulnerability Details : CVE-2013-6981
Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2013-6981
- cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.7s\(.0\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.6s\(.1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.6s\(.0\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.6s\(.2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.5s\(.2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.5s\(.0\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.4s\(.2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.4s\(.0\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.1s\(.3\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.1s\(.1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.3s\(.1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.3s\(.0\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.2s\(.2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.2s\(.1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.4s\(.6\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.4s\(.5\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.4s\(.4\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.4s\(.3\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:2.6\(.2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:2.6\(.1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:2.6\(.0\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:2.5\(.0\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.5s\(.1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.4s\(.1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.3s\(.2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.2s\(.0\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.1s\(.2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.1s\(.0\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6981
1.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6981
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4
|
MEDIUM | AV:N/AC:H/Au:N/C:N/I:N/A:C |
4.9
|
6.9
|
NIST |
CWE ids for CVE-2013-6981
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6981
-
http://www.securityfocus.com/bid/64514
Cisco IOS XE Software MPLS IP Fragmentation Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6981
Cisco IOS XE Crafted MPLS IP Fragmentation Denial of Service VulnerabilityVendor Advisory
-
http://www.securitytracker.com/id/1029538
Cisco IOS XE MPLS IP Fragmentation Bug Lets Remote Users Deny Service - SecurityTrackerThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=32281
Cisco IOS XE Crafted MPLS IP Fragmentation Denial of Service VulnerabilityVendor Advisory
Jump to