Sign-up

ID

VAR-201304-0281


CVE

CVE-2013-1155


TITLE

Cisco FWSM Service disruption in software (DOS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002218

DESCRIPTION

The auth-proxy functionality in Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(20.1), 4.0 before 4.0(15.2), and 4.1 before 4.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCtg02624. An attacker can exploit this issue to cause a vulnerable device to reload, triggering a denial-of-service condition. This issue is tracked by Cisco Bug ID CSCtg02624

Trust: 1.98

sources: NVD: CVE-2013-1155 // JVNDB: JVNDB-2013-002218 // BID: 59002 // VULHUB: VHN-61157

AFFECTED PRODUCTS

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.1

Trust: 1.8

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.1\(3\)

Trust: 1.6

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0\(10\)

Trust: 1.6

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.1\(4\)

Trust: 1.6

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.1\(1\)

Trust: 1.6

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.1\(5\)

Trust: 1.6

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.1\(2\)

Trust: 1.6

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0

Trust: 1.6

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0\(12\)

Trust: 1.6

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.1

Trust: 1.6

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0\(13\)

Trust: 1.6

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(17\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(8\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0\(2\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(5\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(3\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(20\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(18\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0\(5\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(16\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(11\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(6\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(1\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0\(11\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(14\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(12\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0\(3\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(2\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0\(14\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(7\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(13\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(15\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0\(4\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(19\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0\(1\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0\(6\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(4\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0\(8\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0\(15\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0\(7\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(9\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2\(10\)

Trust: 1.0

vendor:ciscomodel:firewall services module softwarescope:eqversion:3.2(20.1)

Trust: 0.8

vendor:ciscomodel:firewall services module softwarescope:ltversion:4.0

Trust: 0.8

vendor:ciscomodel:firewall services module softwarescope:ltversion:3.2

Trust: 0.8

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.0(15.2)

Trust: 0.8

vendor:ciscomodel:firewall services module softwarescope:ltversion:4.1

Trust: 0.8

vendor:ciscomodel:firewall services module softwarescope:eqversion:4.1(5.1)

Trust: 0.8

vendor:ciscomodel:firewall services modulescope:eqversion:4.1(5)

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:4.1(1.2)

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:4.1(1.1)

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:4.0(15)

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:4.0(11.1)

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:4.0(10.1)

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:4.0(6)

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:3.2(20)

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:3.2(17.2)

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:3.2(16.1)

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:3.2

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:3.1(21)

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:3.1(20)

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:3.1(17.2)

Trust: 0.3

vendor:ciscomodel:firewall service modulescope:eqversion:3.1(21)

Trust: 0.3

sources: BID: 59002 // JVNDB: JVNDB-2013-002218 // CNNVD: CNNVD-201304-182 // NVD: CVE-2013-1155

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1155
value: HIGH

Trust: 1.0

NVD: CVE-2013-1155
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201304-182
value: HIGH

Trust: 0.6

VULHUB: VHN-61157
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-1155
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61157
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61157 // JVNDB: JVNDB-2013-002218 // CNNVD: CNNVD-201304-182 // NVD: CVE-2013-1155

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-61157 // JVNDB: JVNDB-2013-002218 // NVD: CVE-2013-1155

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-182

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201304-182

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002218

PATCH
title:cisco-sa-20130410-fwsmurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm
Trust: 0.8
title:28516url:http://tools.cisco.com/security/center/viewAlert.x?alertId=28516
Trust: 0.8
title:cisco-sa-20130410-fwsmurl:http://www.cisco.com/cisco/web/support/JP/111/1117/1117746_cisco-sa-20130410-fwsm-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002218

EXTERNAL IDS
db:NVDid:CVE-2013-1155
Trust: 2.8
db:JVNDBid:JVNDB-2013-002218
Trust: 0.8
db:CNNVDid:CNNVD-201304-182
Trust: 0.7
db:CISCOid:20130410 MULTIPLE VULNERABILITIES IN CISCO FIREWALL SERVICES MODULE SOFTWARE
Trust: 0.6
db:SECUNIAid:53012
Trust: 0.6
db:BIDid:59002
Trust: 0.4
db:VULHUBid:VHN-61157
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61157 // 
            
            
            
            BID: 59002 // 
            
            
            
            JVNDB: JVNDB-2013-002218 // 
            
            
            
            CNNVD: CNNVD-201304-182 // 
            
            
            
            NVD: CVE-2013-1155

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130410-fwsm
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1155
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1155
Trust: 0.8
url:http://secunia.com/advisories/53012
Trust: 0.6
url:http://www.cisco.com/en/us/products/hw/switches/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-61157 // 
            
            
            
            BID: 59002 // 
            
            
            
            JVNDB: JVNDB-2013-002218 // 
            
            
            
            CNNVD: CNNVD-201304-182 // 
            
            
            
            NVD: CVE-2013-1155

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 59002

SOURCES
db:VULHUBid:VHN-61157
db:BIDid:59002
db:JVNDBid:JVNDB-2013-002218
db:CNNVDid:CNNVD-201304-182
db:NVDid:CVE-2013-1155

LAST UPDATE DATE
2024-11-23T21:45:42.633000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61157date:2013-04-15T00:00:00
db:BIDid:59002date:2015-03-19T09:43:00
db:JVNDBid:JVNDB-2013-002218date:2013-04-15T00:00:00
db:CNNVDid:CNNVD-201304-182date:2013-04-12T00:00:00
db:NVDid:CVE-2013-1155date:2024-11-21T01:49:00.623

SOURCES RELEASE DATE
db:VULHUBid:VHN-61157date:2013-04-11T00:00:00
db:BIDid:59002date:2013-04-10T00:00:00
db:JVNDBid:JVNDB-2013-002218date:2013-04-15T00:00:00
db:CNNVDid:CNNVD-201304-182date:2013-04-12T00:00:00
db:NVDid:CVE-2013-1155date:2013-04-11T10:55:01.857