Details of VAR-201304-0262

ID

VAR-201304-0262

CVE

CVE-2013-1199

TITLE

Cisco ASA Clientless running on SSL VPN Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002416

DESCRIPTION

Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58996. An attacker can exploit this issue to reload an affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCub58996

Trust: 2.07

sources: NVD: CVE-2013-1199 // JVNDB: JVNDB-2013-002416 // BID: 59359 // VULHUB: VHN-61201 // VULMON: CVE-2013-1199

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance clientless ssl vpn	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	clientless ssl vpn	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2013-002416 // CNNVD: CNNVD-201304-421 // NVD: CVE-2013-1199

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1199
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1199
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201304-421
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61201
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2013-1199
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1199
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:H/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-61201
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:H/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61201 // VULMON: CVE-2013-1199 // JVNDB: JVNDB-2013-002416 // CNNVD: CNNVD-201304-421 // NVD: CVE-2013-1199

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.9

sources: VULHUB: VHN-61201 // JVNDB: JVNDB-2013-002416 // NVD: CVE-2013-1199

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-421

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201304-421

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002416

PATCH

title:	Cisco ASA Clientless SSL VPN CIFS Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1199	Trust: 0.8
title:	29015	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29015	Trust: 0.8
title:	Cisco: Cisco ASA Clientless SSL VPN CIFS Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20130417-CVE-2013-1199	Trust: 0.1

sources: VULMON: CVE-2013-1199 // JVNDB: JVNDB-2013-002416

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1199	Trust: 2.9
db:	JVNDB	id:	JVNDB-2013-002416	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-421	Trust: 0.7
db:	CISCO	id:	20130417 CISCO ASA CLIENTLESS SSL VPN CIFS DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	BID	id:	59359	Trust: 0.4
db:	VULHUB	id:	VHN-61201	Trust: 0.1
db:	VULMON	id:	CVE-2013-1199	Trust: 0.1

sources: VULHUB: VHN-61201 // VULMON: CVE-2013-1199 // BID: 59359 // JVNDB: JVNDB-2013-002416 // CNNVD: CNNVD-201304-421 // NVD: CVE-2013-1199

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1199	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1199	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1199	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps6120/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/362.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130417-cve-2013-1199	Trust: 0.1

sources: VULHUB: VHN-61201 // VULMON: CVE-2013-1199 // BID: 59359 // JVNDB: JVNDB-2013-002416 // CNNVD: CNNVD-201304-421 // NVD: CVE-2013-1199

CREDITS

Cisco

Trust: 0.3

sources: BID: 59359

SOURCES

db:	VULHUB	id:	VHN-61201
db:	VULMON	id:	CVE-2013-1199
db:	BID	id:	59359
db:	JVNDB	id:	JVNDB-2013-002416
db:	CNNVD	id:	CNNVD-201304-421
db:	NVD	id:	CVE-2013-1199

LAST UPDATE DATE

2024-11-23T22:42:40.761000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61201	date:	2013-04-19T00:00:00
db:	VULMON	id:	CVE-2013-1199	date:	2013-04-19T00:00:00
db:	BID	id:	59359	date:	2013-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-002416	date:	2013-04-22T00:00:00
db:	CNNVD	id:	CNNVD-201304-421	date:	2013-04-19T00:00:00
db:	NVD	id:	CVE-2013-1199	date:	2024-11-21T01:49:06.057

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61201	date:	2013-04-18T00:00:00
db:	VULMON	id:	CVE-2013-1199	date:	2013-04-18T00:00:00
db:	BID	id:	59359	date:	2013-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-002416	date:	2013-04-22T00:00:00
db:	CNNVD	id:	CNNVD-201304-421	date:	2013-04-19T00:00:00
db:	NVD	id:	CVE-2013-1199	date:	2013-04-18T18:55:07