CVE-2013-5472

Cisco IOS 12.0-12.4 and 15.0-15.1 and IOS XE 2.1-3.3 - Denial of Service via MSDP SA Message Handling

Title source: llm
STIX 2.1

Description

The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226.

References (1)

Core 1
Core References

Scores

EPSS 0.0175
EPSS Percentile 75.2%

Details

CWE
CWE-20
Status published
Products (47)
cisco/ios 12.0
cisco/ios 12.1
cisco/ios 12.2
cisco/ios 12.3
cisco/ios 12.4
cisco/ios 15.0
cisco/ios 15.1
cisco/ios_xe 2.1.0
cisco/ios_xe 2.1.1
cisco/ios_xe 2.1.2
... and 37 more
Published Sep 27, 2013
Tracked Since Feb 18, 2026