CVE-2013-6692

Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:N/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
ciscoios_xe
𝑥
≤ 3.8s\(.2\)
ciscoios_xe
3.7.0s:s
ciscoios_xe
3.7.1s:s
ciscoios_xe
3.7.2s:s
ciscoios_xe
3.8.0s:s
ciscoios_xe
3.8s\(.0\):s
ciscoios_xe
3.8s\(.1\):s
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6692
http://tools.cisco.com/security/center/viewAlert.x?alertId=31860
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6692
http://tools.cisco.com/security/center/viewAlert.x?alertId=31860