What is the severity of CVE-2013-2779?

CVE-2013-2779 is classified as a high-severity vulnerability that can lead to denial of service on affected Cisco devices.

How do I fix CVE-2013-2779?

To mitigate CVE-2013-2779, update your Cisco IOS XE software to version 3.4.5S or later, or 3.7.1S or later.

Which devices are affected by CVE-2013-2779?

CVE-2013-2779 affects Cisco 1000 series Aggregation Services Routers (ASR) running specific vulnerable versions of Cisco IOS XE.

What impact does CVE-2013-2779 have on systems?

CVE-2013-2779 allows remote attackers to cause a denial of service by triggering a card reload in affected devices.

How can I check if my Cisco device is vulnerable to CVE-2013-2779?

You can check the version of the Cisco IOS XE running on your device against the affected versions listed in the CVE report.

Vulnerability/
CVE-2013-2779

high

7.8

CWE

11/4/2013

17/9/2024

CVE-2013-2779: Input Validation

First published: Thu Apr 11 2013(Updated: )

Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 MVPN (aka MVPNv6) packets, aka Bug ID CSCub34945, a different vulnerability than CVE-2013-1164.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Cisco IOS XE	=3.4.0as
Cisco IOS XE	=3.4.0s
Cisco IOS XE	=3.4.1s
Cisco IOS XE	=3.4.2s
Cisco IOS XE	=3.4.3s
Cisco IOS XE	=3.4.4s
Cisco IOS XE	=3.4.xs
Cisco IOS XE	=3.5.0s
Cisco IOS XE	=3.5.1s
Cisco IOS XE	=3.5.2s
Cisco IOS XE	=3.5.xs
Cisco IOS XE	=3.6.0s
Cisco IOS XE	=3.6.1s
Cisco IOS XE	=3.6.2s
Cisco IOS XE	=3.7.0s
Cisco ASR 1001
Cisco ASR 1002 Fixed Router
Cisco ASR 1002-X
Cisco ASR 1002-X
Cisco ASR 1004
Cisco ASR 1006
Cisco ASR 1013
Cisco ASR 1023 Router

Never miss a vulnerability like this again

Reference Links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

Frequently Asked Questions

What is the severity of CVE-2013-2779?
CVE-2013-2779 is classified as a high-severity vulnerability that can lead to denial of service on affected Cisco devices.
How do I fix CVE-2013-2779?
To mitigate CVE-2013-2779, update your Cisco IOS XE software to version 3.4.5S or later, or 3.7.1S or later.
Which devices are affected by CVE-2013-2779?
CVE-2013-2779 affects Cisco 1000 series Aggregation Services Routers (ASR) running specific vulnerable versions of Cisco IOS XE.
What impact does CVE-2013-2779 have on systems?
CVE-2013-2779 allows remote attackers to cause a denial of service by triggering a card reload in affected devices.
How can I check if my Cisco device is vulnerable to CVE-2013-2779?
You can check the version of the Cisco IOS XE running on your device against the affected versions listed in the CVE report.

agent/type
agent/references
agent/weakness
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco ios xe
version/cisco ios xe/3.4.0as
version/cisco ios xe/3.4.0s
version/cisco ios xe/3.4.1s
version/cisco ios xe/3.4.2s
version/cisco ios xe/3.4.3s
version/cisco ios xe/3.4.4s
version/cisco ios xe/3.4.xs
version/cisco ios xe/3.5.0s
version/cisco ios xe/3.5.1s
version/cisco ios xe/3.5.2s
version/cisco ios xe/3.5.xs
version/cisco ios xe/3.6.0s
version/cisco ios xe/3.6.1s
version/cisco ios xe/3.6.2s
version/cisco ios xe/3.7.0s
canonical/cisco asr 1001
canonical/cisco asr 1002 fixed router
canonical/cisco asr 1002-x
canonical/cisco asr 1004
canonical/cisco asr 1006
canonical/cisco asr 1013
canonical/cisco asr 1023 router