CVE-2013-5472
Cisco IOS 12.0-12.4 and 15.0-15.1 and IOS XE 2.1-3.3 - Denial of Service via MSDP SA Message Handling
Title source: llmDescription
The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ntp
Scores
EPSS
0.0175
EPSS Percentile
75.2%
Details
CWE
CWE-20
Status
published
Products (47)
cisco/ios
12.0
cisco/ios
12.1
cisco/ios
12.2
cisco/ios
12.3
cisco/ios
12.4
cisco/ios
15.0
cisco/ios
15.1
cisco/ios_xe
2.1.0
cisco/ios_xe
2.1.1
cisco/ios_xe
2.1.2
... and 37 more
Published
Sep 27, 2013
Tracked Since
Feb 18, 2026