CVE-2013-6693 - OpenCVE

The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:H/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	7600 Router Ios

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios:15.3\(2\)s:::::::*
	cpe:2.3:o:cisco:ios:15.3s:::::::*

cpe:2.3:h:cisco:7600_router:*:*:*:*:*:*:*:*

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6693	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=31861	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2013-11-22T01:00:00

Updated: 2013-11-23T18:10:04

Reserved: 2013-11-07T00:00:00

Link: CVE-2013-6693

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-11-22T01:55:04.073

Modified: 2013-11-22T22:43:31.837

Link: CVE-2013-6693

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-21T00:00:00", "descriptions": [{"lang": "en", "value": "The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-11-23T18:10:04", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31861"}, {"name": "20131121 Cisco IOS Software MLDP Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6693"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2013-6693", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31861", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31861"}, {"name": "20131121 Cisco IOS Software MLDP Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6693"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2013-6693", "datePublished": "2013-11-22T01:00:00", "dateReserved": "2013-11-07T00:00:00", "dateUpdated": "2013-11-23T18:10:04", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", "matchCriteriaId": "E01C8A6F-C3C1-476F-AE1A-CF2327ADA912", "versionEndIncluding": "15.3\\(3\\)s", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.3\\(2\\)s:*:*:*:*:*:*:*", "matchCriteriaId": "36979139-66D2-40DD-A865-547BA9D49786", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.3s:*:*:*:*:*:*:*", "matchCriteriaId": "2D105A75-3C37-4B44-8248-6037C98F2F93", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:7600_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "9097F459-1AE3-4924-8E81-046F84FBB041", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345."}, {"lang": "es", "value": "La implementaci\u00f3n MLDP en Cisco IOS 15.3(3)S y anteriores versiones de routers 7600, cuando son configurados varios VRFs, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de chunk y reinicio del dispositivo) mediante el establecimiento de varios flujos multidifusi\u00f3n, tambi\u00e9n conocido como Bug IDCSCue22345."}], "id": "CVE-2013-6693", "lastModified": "2013-11-22T22:43:31.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-11-22T01:55:04.073", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6693"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31861"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}