CVE-2013-6686

Published: Nov 18, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Exploitability: 8.0 / Impact: 6.9

Source: NVD

Description

The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.

Affected (5)

Products: Cisco: Ios

Cisco

1 product

Ios

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios	Up to 15.3
Cisco Ios	Version 15.0
Cisco Ios	Version 15.0(1)se
Cisco Ios	Version 15.1
Cisco Ios	Version 15.2

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6686

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=31757

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6686

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=31757

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.