Improper input validation in Cisco Asr_9000_rsp440_router
CVE-2012-2488
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.006 (69.8th percentile) — read the EPSS interpretation.
Affected products
- Cisco Asr_9000_rsp440_router
- Cisco Crs_performance_route_processor
- Cisco Ios_xr — versions 4.0.3, 4.0.4, 4.1
- N/a — versions n/a
Weakness classification (CWE)
References
- 49329 (x_refsource_SECUNIA, third-party-advisory)
- 1027104 (vdb-entry, x_refsource_SECTRACK)
- 20120530 Cisco IOS XR Software Route Processor Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 53728 (vdb-entry, x_refsource_BID)