Improper input validation in Cisco Ios_xr
CVE-2014-3379
Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCuq10466.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.008 (74.9th percentile) — read the EPSS interpretation.
Affected products
- Cisco Ios_xr — versions 2.0, 3.0, 3.0.1
- Cisco Network_convergence_system_6000
- Cisco Network_convergence_system_6008
- N/a — versions n/a
Weakness classification (CWE)
References
- psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
- 20140918 Cisco IOS XR Software Malformed MPLS Packet Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 1030878 (vdb-entry, x_refsource_SECTRACK)
- 61372 (x_refsource_SECUNIA, third-party-advisory)
- 69960 (vdb-entry, x_refsource_BID)
- ciscoiosxr-cve20143379-dos(96068) (vdb-entry, x_refsource_XF)