Sign-up

ID

VAR-201305-0153


CVE

CVE-2013-1213


TITLE

Cisco Nexus 1000V Run on Cisco NX-OS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002855

DESCRIPTION

Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840. Vendors have confirmed this vulnerability Bug ID CSCud14840 It is released as.A large amount by a third party UDP Service disruption via packets (VEM False reports of non-operational status ) There is a possibility of being put into a state. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. The delivery could not be successful, causing the VSM to report that the affected VEM is unavailable and causing a denial of service attack. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCud14840

Trust: 2.52

sources: NVD: CVE-2013-1213 // JVNDB: JVNDB-2013-002855 // CNVD: CNVD-2013-06428 // BID: 60221 // VULHUB: VHN-61215

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-06428

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:nx-osscope: - version: -

Trust: 1.4

vendor:ciscomodel:nexus 1000vscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:nexus 1000v switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexusscope:eqversion:1000v

Trust: 0.6

vendor:ciscomodel:nx-os 4.2 sv1scope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2013-06428 // BID: 60221 // JVNDB: JVNDB-2013-002855 // CNNVD: CNNVD-201305-610 // NVD: CVE-2013-1213

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1213
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1213
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-06428
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201305-610
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61215
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1213
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-06428
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-61215
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-06428 // VULHUB: VHN-61215 // JVNDB: JVNDB-2013-002855 // CNNVD: CNNVD-201305-610 // NVD: CVE-2013-1213

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-61215 // JVNDB: JVNDB-2013-002855 // NVD: CVE-2013-1213

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-610

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201305-610

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002855

PATCH
title:Cisco Nexus 1000V VSM/VEM Heartbeat Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1213
Trust: 0.8
title:28217url:http://tools.cisco.com/security/center/viewAlert.x?alertId=28217
Trust: 0.8
title:Patch for Cisco Nexus 1000V VSM/VEM Heartbeat Remote Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/34386
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-06428 // 
            
            
            
            JVNDB: JVNDB-2013-002855

EXTERNAL IDS
db:NVDid:CVE-2013-1213
Trust: 3.4
db:JVNDBid:JVNDB-2013-002855
Trust: 0.8
db:CNNVDid:CNNVD-201305-610
Trust: 0.7
db:CNVDid:CNVD-2013-06428
Trust: 0.6
db:CISCOid:20130528 CISCO NEXUS 1000V VSM/VEM HEARTBEAT DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:BIDid:60221
Trust: 0.4
db:VULHUBid:VHN-61215
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-06428 // 
            
            
            
            VULHUB: VHN-61215 // 
            
            
            
            BID: 60221 // 
            
            
            
            JVNDB: JVNDB-2013-002855 // 
            
            
            
            CNNVD: CNNVD-201305-610 // 
            
            
            
            NVD: CVE-2013-1213

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1213
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1213
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1213
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-06428 // 
            
            
            
            VULHUB: VHN-61215 // 
            
            
            
            BID: 60221 // 
            
            
            
            JVNDB: JVNDB-2013-002855 // 
            
            
            
            CNNVD: CNNVD-201305-610 // 
            
            
            
            NVD: CVE-2013-1213

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 60221

SOURCES
db:CNVDid:CNVD-2013-06428
db:VULHUBid:VHN-61215
db:BIDid:60221
db:JVNDBid:JVNDB-2013-002855
db:CNNVDid:CNNVD-201305-610
db:NVDid:CVE-2013-1213

LAST UPDATE DATE
2024-08-14T14:21:21.521000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-06428date:2013-05-31T00:00:00
db:VULHUBid:VHN-61215date:2013-06-04T00:00:00
db:BIDid:60221date:2013-05-29T00:00:00
db:JVNDBid:JVNDB-2013-002855date:2013-05-31T00:00:00
db:CNNVDid:CNNVD-201305-610date:2013-05-31T00:00:00
db:NVDid:CVE-2013-1213date:2013-06-04T04:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-06428date:2013-05-31T00:00:00
db:VULHUBid:VHN-61215date:2013-05-29T00:00:00
db:BIDid:60221date:2013-05-29T00:00:00
db:JVNDBid:JVNDB-2013-002855date:2013-05-31T00:00:00
db:CNNVDid:CNNVD-201305-610date:2013-05-30T00:00:00
db:NVDid:CVE-2013-1213date:2013-05-29T19:55:01.110