CVE-2013-5543

Published: Oct 31, 2013Modified: Apr 29, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470.

Affected (9)

Products: Cisco: Ios Xe, Asr 1001, Asr 1002, Asr 1002 X, Asr 1004, Asr 1006, Asr 1023 Router

7 products

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios Xe	Version 3.4.0as
Cisco Ios Xe	Version 3.4.0s
Cisco Ios Xe	Version 3.4.1s
Cisco Asr 1001	All versions
Cisco Asr 1002	All versions
Cisco Asr 1002 X	All versions
Cisco Asr 1004	All versions
Cisco Asr 1006	All versions
Cisco Asr 1023 Router	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.