TCP Reassembly Vulnerability in Cisco IOS XE Affects ASR Devices
CVE-2013-5546

Currently unrated

Key Information:

Vendor: Cisco
Status: Ios Xe; Asr 1001; Asr 1002; Asr 1002-x
Vendor: CVE Published:; 31 October 2013

Summary

A vulnerability exists in the TCP reassembly feature of Cisco IOS XE, impacting versions prior to 3.7.3S and 3.8.1S on ASR 1000 Series devices. This flaw permits remote attackers to exploit large TCP packets, potentially leading to a denial of service through device reloads. This issue is associated with the NAT and ALG components within the system, and it has a known reference marked as Bug ID CSCud72509. It emphasizes the need for timely updates to mitigate potential risks.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 31, 2013