Improper input validation in Cisco Asr_1001

CVE-2014-2183

The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (53.2th percentile) — read the EPSS interpretation.

Affected products

Cisco Asr_1001
Cisco Asr_1002
Cisco Asr_1002_fixed_router
Cisco Asr_1002-x
Cisco Asr_1004
Cisco Asr_1006
Cisco Asr_1013
Cisco Asr_1023_router
Cisco Ios_xe — versions 3.10, 3.10.0s, 3.10.1s
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

20140428 Cisco IOS XE Software Malformed L2TP Packet Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)