CVE-2014-2113: Input Validation
First published: Thu Mar 27 2014(Updated: )
Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540.
Credit: ykramarz@cisco.com psirt@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | =15.1 | |
| Cisco IOS | =15.2 | |
| Cisco IOS | =15.3 | |
| Cisco IOS XE | =3.3.0s | |
| Cisco IOS XE | =3.3.0sg | |
| Cisco IOS XE | =3.3.1s | |
| Cisco IOS XE | =3.3.1sg | |
| Cisco IOS XE | =3.3.2s | |
| Cisco IOS XE | =3.3.3s | |
| Cisco IOS XE | =3.3s\(.0\) | |
| Cisco IOS XE | =3.3s\(.1\) | |
| Cisco IOS XE | =3.3s\(.2\) | |
| Cisco IOS XE | =3.5.0s | |
| Cisco IOS XE | =3.5.1s | |
| Cisco IOS XE | =3.5.xs | |
| Cisco IOS XE | =3.5s\(.0\) | |
| Cisco IOS XE | =3.5s\(.1\) | |
| Cisco IOS XE | =3.5s\(.2\) | |
| Cisco IOS XE | =3.7.0s | |
| Cisco IOS XE | =3.7.1s | |
| Cisco IOS XE | =3.7.2s | |
| Cisco IOS XE | =3.7s\(.0\) | |
| Cisco IOS XE | =3.7s\(.1\) | |
| Cisco IOS XE | =3.8.0s | |
| Cisco IOS XE | =3.8s\(.0\) | |
| Cisco IOS XE | =3.8s\(.1\) | |
| Cisco IOS XE | =3.8s\(.2\) | |
| Cisco IOS XE | =3.9.0s | |
| Cisco IOS XE | =3.9.1s | |
| Cisco IOS XE | =3.10 | |
| Cisco IOS XE | =3.10.0s | |
| Cisco IOS XE | =3.10.1s | |
| Cisco IOS XE | =3.10.1s1 | |
| =15.1 | ||
| =15.2 | ||
| =15.3 | ||
| =3.3.0s | ||
| =3.3.0sg | ||
| =3.3.1s | ||
| =3.3.1sg | ||
| =3.3.2s | ||
| =3.3.3s | ||
| =3.3s\(.0\) | ||
| =3.3s\(.1\) | ||
| =3.3s\(.2\) | ||
| =3.5.0s | ||
| =3.5.1s | ||
| =3.5.xs | ||
| =3.5s\(.0\) | ||
| =3.5s\(.1\) | ||
| =3.5s\(.2\) | ||
| =3.7.0s | ||
| =3.7.1s | ||
| =3.7.2s | ||
| =3.7s\(.0\) | ||
| =3.7s\(.1\) | ||
| =3.8.0s | ||
| =3.8s\(.0\) | ||
| =3.8s\(.1\) | ||
| =3.8s\(.2\) | ||
| =3.9.0s | ||
| =3.9.1s | ||
| =3.10 | ||
| =3.10.0s | ||
| =3.10.1s | ||
| =3.10.1s1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-2113?
CVE-2014-2113 has a CVSS v2 base score of 7.8, indicating it is a high severity vulnerability.
How do I fix CVE-2014-2113?
To fix CVE-2014-2113, upgrade to the Cisco IOS or IOS XE versions that contain the patch, specifically any version after 3.5.2E or 3.10.2S.
What types of attacks does CVE-2014-2113 enable?
CVE-2014-2113 can be exploited by remote attackers to cause a denial of service by sending malformed IPv6 packets.
Which software versions are affected by CVE-2014-2113?
CVE-2014-2113 affects Cisco IOS versions 15.1 to 15.3 and IOS XE versions up to 3.10.1s.
What is the impact of exploiting CVE-2014-2113?
Exploiting CVE-2014-2113 can lead to I/O memory consumption that causes the affected device to reload.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/15.1
- version/cisco ios/15.2
- version/cisco ios/15.3
- canonical/cisco ios xe
- version/cisco ios xe/3.3.0s
- version/cisco ios xe/3.3.0sg
- version/cisco ios xe/3.3.1s
- version/cisco ios xe/3.3.1sg
- version/cisco ios xe/3.3.2s
- version/cisco ios xe/3.3.3s
- version/cisco ios xe/3.3s\(.0\)
- version/cisco ios xe/3.3s\(.1\)
- version/cisco ios xe/3.3s\(.2\)
- version/cisco ios xe/3.5.0s
- version/cisco ios xe/3.5.1s
- version/cisco ios xe/3.5.xs
- version/cisco ios xe/3.5s\(.0\)
- version/cisco ios xe/3.5s\(.1\)
- version/cisco ios xe/3.5s\(.2\)
- version/cisco ios xe/3.7.0s
- version/cisco ios xe/3.7.1s
- version/cisco ios xe/3.7.2s
- version/cisco ios xe/3.7s\(.0\)
- version/cisco ios xe/3.7s\(.1\)
- version/cisco ios xe/3.8.0s
- version/cisco ios xe/3.8s\(.0\)
- version/cisco ios xe/3.8s\(.1\)
- version/cisco ios xe/3.8s\(.2\)
- version/cisco ios xe/3.9.0s
- version/cisco ios xe/3.9.1s
- version/cisco ios xe/3.10
- version/cisco ios xe/3.10.0s
- version/cisco ios xe/3.10.1s
- version/cisco ios xe/3.10.1s1