Vulnerability Description
The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN packets, aka Bug ID CSCtz14399.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/96764
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5469Vendor Advisory
- http://www.securityfocus.com/bid/62083
- http://www.securitytracker.com/id/1028969
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86794
- http://osvdb.org/96764
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5469Vendor Advisory
- http://www.securityfocus.com/bid/62083
- http://www.securitytracker.com/id/1028969
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86794
FAQ
What is CVE-2013-5469?
CVE-2013-5469 is a vulnerability with a CVSS score of 7.1 (HIGH). The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK...
How severe is CVE-2013-5469?
CVE-2013-5469 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5469?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios.