Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication

September 25, 2013

Cisco released its semiannual Cisco IOS Software Security Advisory Bundled Publication on September 25, 2013. In direct response to customer feedback, Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year. The publication includes eight Security Advisories that all address vulnerabilities in Cisco IOS Software. Exploits of the individual vulnerabilities could result in a denial of service (DoS) condition, interface queue wedge, or a device reload.

Use the Cisco IOS Software Checker to quickly determine whether a given Cisco IOS Software release is exposed to Cisco product vulnerabilities.

 

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Cisco IOS Software Security Advisory bundled publication:

Cisco Security Advisory
Cisco Applied Mitigation Bulletin
Cisco IntelliShield Alert CVE ID
Search CVEs
CVSS
Base Score
CVSS Q&A
OVAL
OVAL

cisco-sa-20130925-ntp

Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability

Refer to the "Workarounds" section of the associated Cisco Security Advisory
Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability
CVE-2013-5472
7.1

cisco-sa-20130925-ike

Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability

Refer to the "Workarounds" section of the associated Cisco Security Advisory
Cisco IOS and IOS XE Software Internet Key Exchange Processing Denial of Service Vulnerability
CVE-2013-5473
7.8 cisco-sa-20130925-ike-CVE-2013-5473

cisco-sa-20130925-ipv6vfr

Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability

Refer to the "Workarounds" section of the associated Cisco Security Advisory
Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability
CVE-2013-5474
7.8 cisco-sa-20130925-ipv6vfr-CVE-2013-5474

cisco-sa-20130925-dhcp

Cisco IOS Software DHCP Denial of Service Vulnerability

Refer to the "Workarounds" section of the associated Cisco Security Advisory
Cisco IOS and IOS XE Software DHCP Denial of Service Vulnerability
CVE-2013-5475
7.8 cisco-sa-20130925-dhcp-CVE-2013-5475

cisco-sa-20130925-cce

Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability

Refer to the "Workarounds" section of the associated Cisco Security Advisory
Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability
CVE-2013-5476
7.8 cisco-sa-20130925-cce-CVE-2013-5476

cisco-sa-20130925-wedge

Cisco IOS Software Queue Wedge Denial of Service Vulnerability

Refer to the "Workarounds" section of the associated Cisco Security Advisory
Cisco IOS Software Queue Wedge Denial of Service Vulnerability
CVE-2013-5477
7.8 cisco-sa-20130925-wedge-CVE-2013-5477

cisco-sa-20130925-rsvp

Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability

Cisco IOS Software RSVP Interface Queue Wedge Vulnerability
CVE-2013-5478
7.8

cisco-sa-20130925-nat

Cisco IOS Software Network Address Translation Vulnerabilities

Refer to the "Workarounds" section of the associated Cisco Security Advisory
Cisco IOS Software Network Address Translation Denial of Service Vulnerability

CVE-2013-5479

7.8

cisco-sa-20130925-nat-CVE-2013-5479

Cisco IOS Software Network Address Translation Denial of Service Vulnerability
CVE-2013-5480
7.8 cisco-sa-20130925-nat-CVE-2013-5480
Cisco IOS Software Network Address Translation PPTP Packet Processing Denial of Service Vulnerability
CVE-2013-5481
7.1 cisco-sa-20130925-nat-CVE-2013-5481

Return to Cisco Security Intelligence Operations