ID

VAR-201304-0271


CVE

CVE-2013-1166


TITLE

Denial-of-service (DoS) vulnerabilities in Cisco IOS XE on Cisco ASR 1000 Series

Trust: 0.8

sources: JVNDB: JVNDB-2013-002221

DESCRIPTION

Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This vulnerability could not be triggered by SIP traffic targeted to the affected device. Cisco IOS XE is prone to a remote denial-of-service vulnerability. Successful exploits may allow attackers to cause a reload of the affected devices, denying service to legitimate users. Repeated attacks will result in a sustained denial of service. This issue is being tracked by Cisco Bug ID CSCuc65609.

Trust: 2.79

sources: NVD: CVE-2013-1166 // JVNDB: JVNDB-2013-002221 // CNVD: CNVD-2013-03006 // BID: 59009 // BID: 78026 // VULHUB: VHN-61168

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-03006

AFFECTED PRODUCTS

vendor: cisco, model: asr 1023 router, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: asr 1002 fixed router, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: ios xe, scope: eq, version: 3.4.3s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.7.0s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.3.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.4.4s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.3.0s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.3.2s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.4.2s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.2.0s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.4.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.4.0s

Trust: 1.0

vendor: cisco, model: asr 1002-x, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: asr 1006, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.2.2s

Trust: 1.0

vendor: cisco, model: asr 1001, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.2.1s

Trust: 1.0

vendor: cisco, model: asr 1004, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: asr 1002, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.4.0as

Trust: 1.0

vendor: cisco, model: asr 1002-x router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: asr 1002 fixed router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: asr 1006 router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: asr 1001 router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe, scope: lt, version: 3.4

Trust: 0.8

vendor: cisco, model: asr 1002 router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe, scope: eq, version: 3.2 from 3.4.5s

Trust: 0.8

vendor: cisco, model: asr 1004 router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe, scope: lt, version: 3.7

Trust: 0.8

vendor: cisco, model: ios xe, scope: eq, version: 3.5 from 3.7.1s

Trust: 0.8

vendor: cisco, model: ios xe, scope: eq, version: 3.5

Trust: 0.6

vendor: cisco, model: ios xe, scope: eq, version: 3.6

Trust: 0.6

vendor: cisco, model: ios xe, scope: eq, version: 3.7

Trust: 0.6

vendor: cisco, model: asr 1004 router, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: asr 1006 router, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: asr 1001 router, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: asr 1002-x router, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: asr 1002 router, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: ios xe, scope: eq, version: 3.4

Trust: 0.3

vendor: cisco, model: ios xe, scope: eq, version: 3.3

Trust: 0.3

vendor: cisco, model: ios xe, scope: eq, version: 3.2

Trust: 0.3

vendor: cisco, model: ios xe 3.7.0s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe 3.4.1s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe 3.4.0s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe 3.4.0as, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe 3.3.1s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe 3.3.0s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe 3.2.2s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe 3.2.1s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe 3.2.0s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 1023-

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 1006-

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 1004-

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 1002-x-

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 1002-

Trust: 0.3

vendor: cisco, model: asr fixed router, scope: eq, version: 1002-

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 1001-

Trust: 0.3

sources: CNVD: CNVD-2013-03006 // BID: 59009 // BID: 78026 // JVNDB: JVNDB-2013-002221 // CNNVD: CNNVD-201304-185 // NVD: CVE-2013-1166

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1166
value: HIGH

Trust: 1.0

NVD: CVE-2013-1166
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-03006
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201304-185
value: HIGH

Trust: 0.6

VULHUB: VHN-61168
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-1166
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-03006
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-61168
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-03006 // VULHUB: VHN-61168 // JVNDB: JVNDB-2013-002221 // CNNVD: CNNVD-201304-185 // NVD: CVE-2013-1166

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-61168 // JVNDB: JVNDB-2013-002221 // NVD: CVE-2013-1166

THREAT TYPE

network

Trust: 0.6

sources: BID: 59009 // BID: 78026

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 78026 // CNNVD: CNNVD-201304-185

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:cisco:asr_1001_router"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:cisco:asr_1002_fixed_router"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:cisco:asr_1002_router"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:cisco:asr_1002-x_router"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:cisco:asr_1004_router"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:cisco:asr_1006_router"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:cisco:ios_xe"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2013-002221

PATCH

title: cisco-sa-20130410-asr1000, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

Trust: 0.8

title: 28817, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=28817

Trust: 0.8

title: cisco-sa-20130410-asr1000, url: http://www.cisco.com/cisco/web/support/JP/111/1117/1117745_cisco-sa-20130410-asr1000-j.html

Trust: 0.8

title: Patch for Cisco IOS XE SIP Communication Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/33254

Trust: 0.6

title: Fix for Cisco 1000 ASR Cisco IOS XE input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164602

Trust: 0.6

sources: CNVD: CNVD-2013-03006 // JVNDB: JVNDB-2013-002221 // CNNVD: CNNVD-201304-185

EXTERNAL IDS

db: NVD, id: CVE-2013-1166

Trust: 3.7

db: BID, id: 59009

Trust: 1.0

db: JVNDB, id: JVNDB-2013-002221

Trust: 0.8

db: CNNVD, id: CNNVD-201304-185

Trust: 0.7

db: CNVD, id: CNVD-2013-03006

Trust: 0.6

db: BID, id: 78026

Trust: 0.4

db: VULHUB, id: VHN-61168

Trust: 0.1

sources: CNVD: CNVD-2013-03006 // VULHUB: VHN-61168 // BID: 59009 // BID: 78026 // JVNDB: JVNDB-2013-002221 // CNNVD: CNNVD-201304-185 // NVD: CVE-2013-1166

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130410-asr1000

Trust: 2.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1166

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1166

Trust: 0.8

url:https://tools.cisco.com/bugsearch/bug/cscuj03174

Trust: 0.3

sources: CNVD: CNVD-2013-03006 // VULHUB: VHN-61168 // BID: 59009 // BID: 78026 // JVNDB: JVNDB-2013-002221 // CNNVD: CNNVD-201304-185 // NVD: CVE-2013-1166

CREDITS

Cisco

Trust: 0.3

sources: BID: 59009

SOURCES

db: CNVD, id: CNVD-2013-03006
db: VULHUB, id: VHN-61168
db: BID, id: 59009
db: BID, id: 78026
db: JVNDB, id: JVNDB-2013-002221
db: CNNVD, id: CNNVD-201304-185
db: NVD, id: CVE-2013-1166

LAST UPDATE DATE

2024-11-23T22:27:25.310000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-03006, date: 2013-04-15T00:00:00
db: VULHUB, id: VHN-61168, date: 2013-04-11T00:00:00
db: BID, id: 59009, date: 2013-04-10T00:00:00
db: BID, id: 78026, date: 2013-04-11T00:00:00
db: JVNDB, id: JVNDB-2013-002221, date: 2013-04-15T00:00:00
db: CNNVD, id: CNNVD-201304-185, date: 2021-10-08T00:00:00
db: NVD, id: CVE-2013-1166, date: 2024-11-21T01:49:01.940

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-03006, date: 2013-04-15T00:00:00
db: VULHUB, id: VHN-61168, date: 2013-04-11T00:00:00
db: BID, id: 59009, date: 2013-04-10T00:00:00
db: BID, id: 78026, date: 2013-04-11T00:00:00
db: JVNDB, id: JVNDB-2013-002221, date: 2013-04-15T00:00:00
db: CNNVD, id: CNNVD-201304-185, date: 2013-04-12T00:00:00
db: NVD, id: CVE-2013-1166, date: 2013-04-11T10:55:01.910