Improper input validation in Cisco Carrier_routing_system

CVE-2011-3283

Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a denial of service (Metro subsystem crash) via a fragmented GRE packet, aka Bug ID CSCts14887.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.005 (67.8th percentile) — read the EPSS interpretation.

Affected products

Cisco Carrier_routing_system — versions 3.9.1
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cisco-carrier-gre-dos(75341) (vdb-entry, x_refsource_XF)
1027006 (vdb-entry, x_refsource_SECTRACK)
psirt@cisco.com (x_refsource_CONFIRM, Patch)