Details of VAR-201304-0170

ID

VAR-201304-0170

CVE

CVE-2013-1215

TITLE

Cisco Adaptive Security Appliance of Easy VPN Vulnerability gained privileges in components

Trust: 0.8

sources: JVNDB: JVNDB-2013-002501

DESCRIPTION

The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. Vendors have confirmed this vulnerability Bug ID CSCuf85295 It is released as.Authority may be obtained by local users. Local attackers can exploit this issue to gain elevated privileges, which may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuf85295. Cisco ASA is a set of firewall equipment of Cisco (Cisco). The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more

Trust: 1.98

sources: NVD: CVE-2013-1215 // JVNDB: JVNDB-2013-002501 // BID: 59262 // VULHUB: VHN-61217

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	asa 5500	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	5500 series adaptive security appliance	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance 5500 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	55050	Trust: 0.3

sources: BID: 59262 // JVNDB: JVNDB-2013-002501 // CNNVD: CNNVD-201304-546 // NVD: CVE-2013-1215

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1215
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1215
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201304-546
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61217
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1215
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61217
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61217 // JVNDB: JVNDB-2013-002501 // CNNVD: CNNVD-201304-546 // NVD: CVE-2013-1215

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-61217 // JVNDB: JVNDB-2013-002501 // NVD: CVE-2013-1215

THREAT TYPE

local

Trust: 0.9

sources: BID: 59262 // CNNVD: CNNVD-201304-546

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201304-546

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002501

PATCH

title:	Cisco ASA Software Easy VPN Privilege Escalation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1215	Trust: 0.8
title:	29082	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29082	Trust: 0.8

sources: JVNDB: JVNDB-2013-002501

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1215	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-002501	Trust: 0.8
db:	CISCO	id:	20130424 CISCO ASA SOFTWARE EASY VPN PRIVILEGE ESCALATION VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-201304-546	Trust: 0.6
db:	BID	id:	59262	Trust: 0.4
db:	VULHUB	id:	VHN-61217	Trust: 0.1

sources: VULHUB: VHN-61217 // BID: 59262 // JVNDB: JVNDB-2013-002501 // CNNVD: CNNVD-201304-546 // NVD: CVE-2013-1215

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1215	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1215	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1215	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps6120/index.html	Trust: 0.3

sources: VULHUB: VHN-61217 // BID: 59262 // JVNDB: JVNDB-2013-002501 // CNNVD: CNNVD-201304-546 // NVD: CVE-2013-1215

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 59262

SOURCES

db:	VULHUB	id:	VHN-61217
db:	BID	id:	59262
db:	JVNDB	id:	JVNDB-2013-002501
db:	CNNVD	id:	CNNVD-201304-546
db:	NVD	id:	CVE-2013-1215

LAST UPDATE DATE

2024-11-23T22:18:45.907000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61217	date:	2013-04-26T00:00:00
db:	BID	id:	59262	date:	2013-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2013-002501	date:	2013-04-30T00:00:00
db:	CNNVD	id:	CNNVD-201304-546	date:	2013-04-26T00:00:00
db:	NVD	id:	CVE-2013-1215	date:	2024-11-21T01:49:07.693

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61217	date:	2013-04-25T00:00:00
db:	BID	id:	59262	date:	2013-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2013-002501	date:	2013-04-30T00:00:00
db:	CNNVD	id:	CNNVD-201304-546	date:	2013-04-26T00:00:00
db:	NVD	id:	CVE-2013-1215	date:	2013-04-25T20:55:09.587