Vulnerabilities > CVE-2013-5473 - Resource Management Errors vulnerability in Cisco IOS and IOS XE
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 8 |
Common Weakness Enumeration (CWE)
Nessus
NASL family CISCO NASL id CISCO-SA-20130925-IKE-IOSXE.NASL description A vulnerability in the Internet Key Exchange (IKE) protocol of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a device reload. The vulnerability is due to incorrect handling of malformed IKE packets by the affected software. An attacker could exploit this vulnerability by sending crafted IKE packets to a device configured with features that leverage IKE version 1 (IKEv1). Although IKEv1 is automatically enabled on a Cisco IOS XE Software when IKEv1 or IKE version 2 (IKEv2) is configured, the vulnerability can be triggered only by sending a malformed IKEv1 packet. In specific conditions, normal IKEv1 packets can also cause an affected release of Cisco IOS XE Software to leak memory. Only IKEv1 is affected by this vulnerability. An exploit could cause Cisco IOS XE Software not to release allocated memory, causing a memory leak. A sustained attack may result in a device reload. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability. last seen 2019-10-28 modified 2013-10-07 plugin id 70317 published 2013-10-07 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70317 title Cisco IOS XE Software Internet Key Exchange Memory Leak Vulnerability (cisco-sa-20130925-ike) NASL family CISCO NASL id CISCO-SA-20130925-IKE.NASL description A vulnerability exists in the Internet Key Exchange (IKE) protocol of Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a device reload. The vulnerability is due to incorrect handling of malformed IKE packets by the affected software. An attacker could exploit this vulnerability by sending crafted IKE packets to a device configured with features that leverage IKE version 1 (IKEv1). Although IKEv1 is automatically enabled on a Cisco IOS Software when IKEv1 or IKE version 2 (IKEv2) is configured the vulnerability can be triggered only by sending a malformed IKEv1 packet. In specific conditions, normal IKEv1 packets can also cause an affected release of Cisco IOS Software to leak memory. Only IKEv1 is affected by this vulnerability. An exploit could cause Cisco IOS Software not to release allocated memory, causing a memory leak. A sustained attack may result in a device reload. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability. last seen 2019-10-28 modified 2013-10-07 plugin id 70318 published 2013-10-07 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70318 title Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability (cisco-sa-20130925-ike)