ID

VAR-201303-0390


CVE

CVE-2013-1143


TITLE

Cisco IOS and IOS XE of RSVP Service disruption in protocol implementation (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002081

DESCRIPTION

The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S, when MPLS-TE is enabled, allows remote attackers to cause a denial of service (incorrect memory access and device reload) via a traffic engineering PATH message in an RSVP packet, aka Bug ID CSCtg39957. Attackers can exploit this issue to cause a reload of the affected devices, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtg39957.http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg39957http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg39957. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

Trust: 1.98

sources: NVD: CVE-2013-1143 // JVNDB: JVNDB-2013-002081 // BID: 58743 // VULHUB: VHN-61145

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:12.2

Trust: 2.4

vendor:ciscomodel:iosscope:eqversion:15.2

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.0

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.1.3s

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.0\(1\)se

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.1.0s

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.1.1s

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.3

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.1.2s

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.4.3s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.5.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.3.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.5.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.3.0s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.3.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.4.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.2.0s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.4.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.4.0s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.2.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.1.4s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.5.0s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.2.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.3.3s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.0 to 15.2

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.1.xs to 3.4.xs

Trust: 0.8

vendor:ciscomodel:ios xescope:ltversion:3.4.5s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.5.xs to 3.7.xs

Trust: 0.8

vendor:ciscomodel:ios xescope:ltversion:3.7.2s

Trust: 0.8

vendor:ciscomodel:ios xe 3.3.xsscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2sxjscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2fxscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2eyscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ewscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0xoscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2scfscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2irhscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2scescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2fzscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1mrscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2srscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ewascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2fyscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1mscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2irascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2srcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1snhscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1 eyscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe 3.1.xsscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2srdscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2irgscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2srescope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.2seescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1sngscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2irfscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ezscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1gcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2irdscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2exscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ircscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2irbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2gcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe 3.2.xsscope: - version: -

Trust: 0.3

sources: BID: 58743 // JVNDB: JVNDB-2013-002081 // CNNVD: CNNVD-201303-565 // NVD: CVE-2013-1143

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1143
value: HIGH

Trust: 1.0

NVD: CVE-2013-1143
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201303-565
value: HIGH

Trust: 0.6

VULHUB: VHN-61145
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-1143
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61145
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61145 // JVNDB: JVNDB-2013-002081 // CNNVD: CNNVD-201303-565 // NVD: CVE-2013-1143

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-61145 // JVNDB: JVNDB-2013-002081 // NVD: CVE-2013-1143

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-565

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201303-565

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:cisco:ios"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:cisco:ios_xe"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2013-002081

PATCH

title:cisco-sa-20130327-rsvpurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-rsvp

Trust: 0.8

title:Cisco IOS Software RSVP Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1143

Trust: 0.8

title:cisco-sa-20130327-rsvpurl:http://www.cisco.com/cisco/web/support/JP/111/1117/1117674_cisco-sa-20130327-rsvp-j.html

Trust: 0.8

sources: JVNDB: JVNDB-2013-002081

EXTERNAL IDS

db:NVDid:CVE-2013-1143

Trust: 2.8

db:BIDid:58743

Trust: 1.0

db:JVNDBid:JVNDB-2013-002081

Trust: 0.8

db:CNNVDid:CNNVD-201303-565

Trust: 0.7

db:CISCOid:20130327 CISCO IOS SOFTWARE RSVP DENIAL OF SERVICE VULNERABILITY

Trust: 0.6

db:CISCOid:20130327 CISCO IOS SOFTWARE RESOURCE RESERVATION PROTOCOL DENIAL OF SERVICE VULNERABILITY

Trust: 0.6

db:SECUNIAid:52789

Trust: 0.6

db:VULHUBid:VHN-61145

Trust: 0.1

sources: VULHUB: VHN-61145 // BID: 58743 // JVNDB: JVNDB-2013-002081 // CNNVD: CNNVD-201303-565 // NVD: CVE-2013-1143

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1143

Trust: 1.7

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130327-rsvp

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1143

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1143

Trust: 0.8

url:http://secunia.com/advisories/52789

Trust: 0.6

url:http://www.securityfocus.com/bid/58743

Trust: 0.6

sources: VULHUB: VHN-61145 // JVNDB: JVNDB-2013-002081 // CNNVD: CNNVD-201303-565 // NVD: CVE-2013-1143

CREDITS

Cisco

Trust: 0.9

sources: BID: 58743 // CNNVD: CNNVD-201303-565

SOURCES

db:VULHUBid:VHN-61145
db:BIDid:58743
db:JVNDBid:JVNDB-2013-002081
db:CNNVDid:CNNVD-201303-565
db:NVDid:CVE-2013-1143

LAST UPDATE DATE

2024-11-23T23:05:54.189000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-61145date:2013-03-29T00:00:00
db:BIDid:58743date:2013-03-27T00:00:00
db:JVNDBid:JVNDB-2013-002081date:2013-04-01T00:00:00
db:CNNVDid:CNNVD-201303-565date:2013-03-29T00:00:00
db:NVDid:CVE-2013-1143date:2024-11-21T01:48:59.110

SOURCES RELEASE DATE

db:VULHUBid:VHN-61145date:2013-03-28T00:00:00
db:BIDid:58743date:2013-03-27T00:00:00
db:JVNDBid:JVNDB-2013-002081date:2013-04-01T00:00:00
db:CNNVDid:CNNVD-201303-565date:2013-03-28T00:00:00
db:NVDid:CVE-2013-1143date:2013-03-28T23:55:01.563