Sign-up

ID

VAR-201305-0115


CVE

CVE-2013-1241


TITLE

Cisco ISR G2 Runs on the router Cisco IOS of ISM Service disruption in modules (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002586

DESCRIPTION

The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025. The Cisco ISR G2 routers are an integrated multiservice router. attack. Cisco IOS is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue may allow an attacker to cause a denial of service condition. This issue is being tracked by Cisco Bug ID CSCub92025

Trust: 2.52

sources: NVD: CVE-2013-1241 // JVNDB: JVNDB-2013-002586 // CNVD: CNVD-2013-05174 // BID: 59774 // VULHUB: VHN-61243

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-05174

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:887v integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:1941 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:886va-w integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:c881w integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:880 3g integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:3925e integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:3925 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:2951 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:1921 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:891 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:892 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:887va-w integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:886va integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:888 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:887va integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:2901 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:1941w integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:887 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:3945e integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:2911 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:2921 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:861 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:881 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:867 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:886 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:3945 integrated services routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:1921 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:1941 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:1941w integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:2901 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:2911 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:2921 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:2951 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:3925 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:3925e integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:3945 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:3945e integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:861 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:867 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:880g 3g wireless service integrated routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:881 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:886 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:886va integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:886va-w integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:887 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:887v integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:887va integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:887va-w integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:888 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:891 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:892 integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:c881w integrated service routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:iosscope:lteversion:15.3(200)t

Trust: 0.8

vendor:ciscomodel:isr g2 routersscope: - version: -

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2013-05174 // BID: 59774 // JVNDB: JVNDB-2013-002586 // CNNVD: CNNVD-201305-164 // NVD: CVE-2013-1241

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1241
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1241
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-05174
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201305-164
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61243
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1241
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-05174
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-61243
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-05174 // VULHUB: VHN-61243 // JVNDB: JVNDB-2013-002586 // CNNVD: CNNVD-201305-164 // NVD: CVE-2013-1241

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-61243 // JVNDB: JVNDB-2013-002586 // NVD: CVE-2013-1241

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-164

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201305-164

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002586

PATCH
title:Cisco ISM Malformed Authentication Header Packet Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1241
Trust: 0.8
title:29252url:http://tools.cisco.com/security/center/viewAlert.x?alertId=29252
Trust: 0.8
title:Cisco ISR G2 Router ISM Module Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/33958
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-05174 // 
            
            
            
            JVNDB: JVNDB-2013-002586

EXTERNAL IDS
db:NVDid:CVE-2013-1241
Trust: 3.4
db:JVNDBid:JVNDB-2013-002586
Trust: 0.8
db:CNNVDid:CNNVD-201305-164
Trust: 0.7
db:CNVDid:CNVD-2013-05174
Trust: 0.6
db:CISCOid:20130506 CISCO ISM MALFORMED AUTHENTICATION HEADER PACKET DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:BIDid:59774
Trust: 0.4
db:VULHUBid:VHN-61243
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-05174 // 
            
            
            
            VULHUB: VHN-61243 // 
            
            
            
            BID: 59774 // 
            
            
            
            JVNDB: JVNDB-2013-002586 // 
            
            
            
            CNNVD: CNNVD-201305-164 // 
            
            
            
            NVD: CVE-2013-1241

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1241
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1241
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1241
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-05174 // 
            
            
            
            VULHUB: VHN-61243 // 
            
            
            
            BID: 59774 // 
            
            
            
            JVNDB: JVNDB-2013-002586 // 
            
            
            
            CNNVD: CNNVD-201305-164 // 
            
            
            
            NVD: CVE-2013-1241

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 59774

SOURCES
db:CNVDid:CNVD-2013-05174
db:VULHUBid:VHN-61243
db:BIDid:59774
db:JVNDBid:JVNDB-2013-002586
db:CNNVDid:CNNVD-201305-164
db:NVDid:CVE-2013-1241

LAST UPDATE DATE
2024-11-23T22:31:27.496000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-05174date:2013-05-13T00:00:00
db:VULHUBid:VHN-61243date:2013-05-08T00:00:00
db:BIDid:59774date:2013-05-24T15:04:00
db:JVNDBid:JVNDB-2013-002586date:2013-05-09T00:00:00
db:CNNVDid:CNNVD-201305-164date:2014-02-26T00:00:00
db:NVDid:CVE-2013-1241date:2024-11-21T01:49:10.487

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-05174date:2013-05-13T00:00:00
db:VULHUBid:VHN-61243date:2013-05-08T00:00:00
db:BIDid:59774date:2013-05-06T00:00:00
db:JVNDBid:JVNDB-2013-002586date:2013-05-09T00:00:00
db:CNNVDid:CNNVD-201305-164date:2013-05-08T00:00:00
db:NVDid:CVE-2013-1241date:2013-05-08T12:09:33.697