CVE-2013-1166
Last modified
CVE-2013-1166 is a vulnerability of currently unknown severity. Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609.. EPSS estimates a 1.89% chance of exploitation in the next 30 days.
Description
Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Asr 1001 | All versions |
| Cisco | Asr 1002 | All versions |
| Cisco | Asr 1002-X | All versions |
| Cisco | Asr 1002 Fixed Router | All versions |
| Cisco | Asr 1004 | All versions |
| Cisco | Asr 1006 | All versions |
| Cisco | Asr 1023 Router | All versions |
| Cisco | Ios Xe | 3.2.0s |
| Cisco | Ios Xe | 3.2.1s |
| Cisco | Ios Xe | 3.2.2s |
| Cisco | Ios Xe | 3.3.0s |
| Cisco | Ios Xe | 3.3.1s |
| Cisco | Ios Xe | 3.3.2s |
| Cisco | Ios Xe | 3.4.0as |
| Cisco | Ios Xe | 3.4.0s |
| Cisco | Ios Xe | 3.4.1s |
| Cisco | Ios Xe | 3.4.2s |
| Cisco | Ios Xe | 3.4.3s |
| Cisco | Ios Xe | 3.4.4s |
| Cisco | Ios Xe | 3.7.0s |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-1166?
How severe is CVE-2013-1166?
How do I fix CVE-2013-1166?
Are you affected by CVE-2013-1166?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST