Vulnerabilities > CVE-2013-5503 - Resource Management Errors vulnerability in Cisco IOS XR 4.3.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | CISCO |
| NASL id | CISCO-SA-20131002-IOSXR.NASL |
| description | Cisco IOS XR Software version 4.3.1 contains a vulnerability that could result in complete packet memory exhaustion. Successful exploitation could render critical services on the affected device unable to allocate packets resulting in a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. |
| last seen | 2019-10-28 |
| modified | 2013-12-14 |
| plugin id | 71437 |
| published | 2013-12-14 |
| reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/71437 |
| title | Cisco IOS XR Software Memory Exhaustion Vulnerability (cisco-sa-20131002-iosxr) |