Improper input validation in Cisco Asr_1001

CVE-2013-1165

Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug I…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (62.7th percentile) — read the EPSS interpretation.

Affected products

Cisco Asr_1001
Cisco Asr_1002
Cisco Asr_1002_fixed_router
Cisco Asr_1002-x
Cisco Asr_1004
Cisco Asr_1006
Cisco Asr_1023_router
Cisco Ios_xe — versions 2.1.0, 2.1.1, 2.1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

20130410 Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers (x_refsource_CISCO, vendor-advisory, Vendor Advisory)