Vulnerability Description
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xe | <= 3.7s\(.1\) |
| Cisco | Asr 1001 | - |
| Cisco | Asr 1002 | - |
| Cisco | Asr 1002-X | - |
| Cisco | Asr 1002 Fixed Router | - |
| Cisco | Asr 1004 | - |
| Cisco | Asr 1006 | - |
| Cisco | Asr 1013 | - |
| Cisco | Asr 1023 Router | - |
Related Weaknesses (CWE)
References
- http://www.cisco.com/c/en/us/td/docs/routers/asr1000/release/notes/asr1k_rn_rel_
- http://www.cisco.com/c/en/us/td/docs/routers/asr1000/release/notes/asr1k_rn_rel_
FAQ
What is CVE-2012-5723?
CVE-2012-5723 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packe...
How severe is CVE-2012-5723?
CVE-2012-5723 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5723?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco Asr 1001, Cisco Asr 1002, Cisco Asr 1002-X, Cisco Asr 1002 Fixed Router.