Sign-up

ID

VAR-201302-0394


CVE

CVE-2013-1137


TITLE

Cisco Unified Presence Server Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-005961

DESCRIPTION

Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930. Successfully exploiting this issue allows remote attackers to consume excessive CPU resources, potentially denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCua89930

Trust: 1.98

sources: NVD: CVE-2013-1137 // JVNDB: JVNDB-2012-005961 // BID: 58205 // VULHUB: VHN-61139

AFFECTED PRODUCTS

vendor:ciscomodel:unified presence serverscope:eqversion:8.6

Trust: 1.9

vendor:ciscomodel:unified presence serverscope:eqversion:9.0

Trust: 1.6

vendor:ciscomodel:unified presence serverscope:eqversion:9.1

Trust: 1.6

vendor:ciscomodel:unified presence serverscope:ltversion:8.6

Trust: 0.8

vendor:ciscomodel:unified presence serverscope:eqversion:9.1.1

Trust: 0.8

vendor:ciscomodel:unified presence serverscope:eqversion:9.0 9.1

Trust: 0.8

sources: BID: 58205 // JVNDB: JVNDB-2012-005961 // CNNVD: CNNVD-201302-604 // NVD: CVE-2013-1137

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1137
value: HIGH

Trust: 1.0

NVD: CVE-2013-1137
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201302-604
value: HIGH

Trust: 0.6

VULHUB: VHN-61139
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-1137
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61139
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61139 // JVNDB: JVNDB-2012-005961 // CNNVD: CNNVD-201302-604 // NVD: CVE-2013-1137

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-61139 // JVNDB: JVNDB-2012-005961 // NVD: CVE-2013-1137

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-604

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201302-604

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-005961

PATCH
title:cisco-sa-20130227-cupsurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups
Trust: 0.8
title:cisco-sa-20130227-cupsurl:http://www.cisco.com/cisco/web/support/JP/111/1117/1117488_cisco-sa-20130227-cups-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-005961

EXTERNAL IDS
db:NVDid:CVE-2013-1137
Trust: 2.8
db:JVNDBid:JVNDB-2012-005961
Trust: 0.8
db:CNNVDid:CNNVD-201302-604
Trust: 0.7
db:CISCOid:20130227 CISCO UNIFIED PRESENCE SERVER DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:BIDid:58205
Trust: 0.4
db:VULHUBid:VHN-61139
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61139 // 
            
            
            
            BID: 58205 // 
            
            
            
            JVNDB: JVNDB-2012-005961 // 
            
            
            
            CNNVD: CNNVD-201302-604 // 
            
            
            
            NVD: CVE-2013-1137

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130227-cups
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1137
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1137
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-61139 // 
            
            
            
            BID: 58205 // 
            
            
            
            JVNDB: JVNDB-2012-005961 // 
            
            
            
            CNNVD: CNNVD-201302-604 // 
            
            
            
            NVD: CVE-2013-1137

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 58205

SOURCES
db:VULHUBid:VHN-61139
db:BIDid:58205
db:JVNDBid:JVNDB-2012-005961
db:CNNVDid:CNNVD-201302-604
db:NVDid:CVE-2013-1137

LAST UPDATE DATE
2024-11-23T22:56:41.282000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61139date:2013-02-28T00:00:00
db:BIDid:58205date:2013-02-27T00:00:00
db:JVNDBid:JVNDB-2012-005961date:2013-03-01T00:00:00
db:CNNVDid:CNNVD-201302-604date:2013-02-28T00:00:00
db:NVDid:CVE-2013-1137date:2024-11-21T01:48:58.390

SOURCES RELEASE DATE
db:VULHUBid:VHN-61139date:2013-02-27T00:00:00
db:BIDid:58205date:2013-02-27T00:00:00
db:JVNDBid:JVNDB-2012-005961date:2013-03-01T00:00:00
db:CNNVDid:CNNVD-201302-604date:2013-02-28T00:00:00
db:NVDid:CVE-2013-1137date:2013-02-27T21:55:04.293