CVE-2013-1167

Published: Apr 11, 2013Modified: Apr 29, 2026

7.1

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability: 8.6 / Impact: 6.9

Source: NVD

Description

Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558.

Affected (31)

Products: Cisco: Ios Xe, Asr 1001, Asr 1002, Asr 1002 X, Asr 1002 Fixed Router, Asr 1004, Asr 1006, Asr 1013, Asr 1023 Router

9 products

Asr 1002 Fixed Router

Configuration A

31 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios Xe	Version 3.2.00.xo.15.0(2)xo
Cisco Ios Xe	Version 3.2.0s
Cisco Ios Xe	Version 3.2.0sg
Cisco Ios Xe	Version 3.2.0xo
Cisco Ios Xe	Version 3.2.1s
Cisco Ios Xe	Version 3.2.1sg
Cisco Ios Xe	Version 3.2.2s
Cisco Ios Xe	Version 3.2.2sg
Cisco Ios Xe	Version 3.2.3sg
Cisco Ios Xe	Version 3.2.4sg
Cisco Ios Xe	Version 3.3.0s
Cisco Ios Xe	Version 3.3.0sg
Cisco Ios Xe	Version 3.3.1s
Cisco Ios Xe	Version 3.3.1sg
Cisco Ios Xe	Version 3.3.2s
Cisco Ios Xe	Version 3.3.3s
Cisco Ios Xe	Version 3.4.0as
Cisco Ios Xe	Version 3.4.0s
Cisco Ios Xe	Version 3.4.1s
Cisco Ios Xe	Version 3.5.0s
Cisco Ios Xe	Version 3.5.1s
Cisco Ios Xe	Version 3.5.2s
Cisco Ios Xe	Version 3.5.xs
Cisco Asr 1001	All versions
Cisco Asr 1002	All versions
Cisco Asr 1002 X	All versions
Cisco Asr 1002 Fixed Router	All versions
Cisco Asr 1004	All versions
Cisco Asr 1006	All versions
Cisco Asr 1013	All versions
Cisco Asr 1023 Router	All versions

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.