7.1

CVE-2013-5472

The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226.

Data is provided by the National Vulnerability Database (NVD)
CiscoIos Xe Version2.1.0
CiscoIos Xe Version2.1.1
CiscoIos Xe Version2.1.2
CiscoIos Xe Version2.2.1
CiscoIos Xe Version2.2.2
CiscoIos Xe Version2.2.3
CiscoIos Xe Version2.3.0
CiscoIos Xe Version2.3.1
CiscoIos Xe Version2.3.1t
CiscoIos Xe Version2.3.2
CiscoIos Xe Version2.4.0
CiscoIos Xe Version2.4.1
CiscoIos Xe Version2.4.2
CiscoIos Xe Version2.4.3
CiscoIos Xe Version2.4.4
CiscoIos Xe Version2.5.0
CiscoIos Xe Version2.5.1
CiscoIos Xe Version2.5.2
CiscoIos Xe Version2.6.0
CiscoIos Xe Version2.6.1
CiscoIos Xe Version2.6.2
CiscoIos Xe Version3.1.0s
CiscoIos Xe Version3.1.0sg
CiscoIos Xe Version3.1.1s
CiscoIos Xe Version3.1.1sg
CiscoIos Xe Version3.1.2s
CiscoIos Xe Version3.1.3s
CiscoIos Xe Version3.1.4s
CiscoIos Xe Version3.2.0s
CiscoIos Xe Version3.2.0sg
CiscoIos Xe Version3.2.0xo
CiscoIos Xe Version3.2.1s
CiscoIos Xe Version3.2.1sg
CiscoIos Xe Version3.2.2s
CiscoIos Xe Version3.2.2sg
CiscoIos Xe Version3.2.3sg
CiscoIos Xe Version3.2.4sg
CiscoIos Xe Version3.3.0s
CiscoIos Xe Version3.3.0sg
CiscoIos Version12.0
CiscoIos Version12.1
CiscoIos Version12.2
CiscoIos Version12.3
CiscoIos Version12.4
CiscoIos Version15.0
CiscoIos Version15.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.4% 0.598
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.