Sign-up

ID

VAR-201307-0135


CVE

CVE-2013-1243


TITLE

Cisco ASA 5500-X IPS-SSP and IPS Sensor of Cisco IPS Software IP Service operation disruption in the stack (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-003443

DESCRIPTION

The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules before 7.1(5)E4, IPS 4500 sensors before 7.1(6)E4, and IPS 4300 sensors before 7.1(5)E4 allows remote attackers to cause a denial of service (MainApp process hang) via malformed IPv4 packets, aka Bug ID CSCtx18596. Vendors have confirmed this vulnerability Bug ID CSCtx18596 It is released as.Malformed by a third party IPv4 Service disruption via packets (MainApp Process hang ) There is a possibility of being put into a state. Cisco IPS Software is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCtx18596. Cisco Intrusion Prevention System (IPS) is an intrusion prevention system of Cisco (Cisco). The system can immediately interrupt, adjust or isolate some abnormal or harmful network data transmission behaviors. A remote attacker can send malformed IP packets to exploit this vulnerability to cause denial of service (MainApp process hangs)

Trust: 1.98

sources: NVD: CVE-2013-1243 // JVNDB: JVNDB-2013-003443 // BID: 61294 // VULHUB: VHN-61245

AFFECTED PRODUCTS

vendor:ciscomodel:ips 4360 sensorscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:ips 4345 sensorscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:ips 4510 sensorscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:ips 4520 sensorscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:ips nmescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:idsm-2scope:eqversion: -

Trust: 1.6

vendor:ciscomodel:asa 5585-xscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:asa 5500-x series ips ssp softwarescope:eqversion:7.1

Trust: 1.6

vendor:ciscomodel:intrusion prevention systemscope:lteversion:7.1

Trust: 1.0

vendor:ciscomodel:asa 5500-x series ips security services processor softwarescope:eqversion:(ips ssp)(*1)

Trust: 0.8

vendor:ciscomodel:asa 5585-xscope:ltversion:(cisco ips 7.1(5)e4 )(*1)

Trust: 0.8

vendor:ciscomodel:intrusion prevention system softwarescope:ltversion:7.1(6)e4

Trust: 0.8

vendor:ciscomodel:ips 4345 sensorscope:ltversion:(cisco ips 7.1(5)e4 )(*3)

Trust: 0.8

vendor:ciscomodel:ips 4360 sensorscope:ltversion:(cisco ips 7.1(5)e4 )(*3)

Trust: 0.8

vendor:ciscomodel:ips 4510 sensorscope:ltversion:(cisco ips 7.1(6)e4 )(*2)

Trust: 0.8

vendor:ciscomodel:ips 4520 sensorscope:ltversion:(cisco ips 7.1(6)e4 )(*2)

Trust: 0.8

vendor:ciscomodel:intrusion prevention systemscope:eqversion:7.1

Trust: 0.6

sources: JVNDB: JVNDB-2013-003443 // CNNVD: CNNVD-201307-396 // NVD: CVE-2013-1243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1243
value: HIGH

Trust: 1.0

NVD: CVE-2013-1243
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201307-396
value: HIGH

Trust: 0.6

VULHUB: VHN-61245
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-1243
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61245
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61245 // JVNDB: JVNDB-2013-003443 // CNNVD: CNNVD-201307-396 // NVD: CVE-2013-1243

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-61245 // JVNDB: JVNDB-2013-003443 // NVD: CVE-2013-1243

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-396

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201307-396

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003443

PATCH
title:29271url:http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=29271
Trust: 0.8
title:cisco-sa-20130717-ipsurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips
Trust: 0.8
title:30023url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30023
Trust: 0.8
title:cisco-sa-20130717-ipsurl:http://www.cisco.com/cisco/web/support/JP/111/1118/1118530_cisco-sa-20130717-ips-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003443

EXTERNAL IDS
db:NVDid:CVE-2013-1243
Trust: 2.8
db:JVNDBid:JVNDB-2013-003443
Trust: 0.8
db:CNNVDid:CNNVD-201307-396
Trust: 0.7
db:CISCOid:20130717 MULTIPLE VULNERABILITIES IN CISCO INTRUSION PREVENTION SYSTEM SOFTWARE
Trust: 0.6
db:BIDid:61294
Trust: 0.4
db:VULHUBid:VHN-61245
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61245 // 
            
            
            
            BID: 61294 // 
            
            
            
            JVNDB: JVNDB-2013-003443 // 
            
            
            
            CNNVD: CNNVD-201307-396 // 
            
            
            
            NVD: CVE-2013-1243

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130717-ips
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1243
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1243
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=30023
Trust: 0.3
sources:
            
            
            VULHUB: VHN-61245 // 
            
            
            
            BID: 61294 // 
            
            
            
            JVNDB: JVNDB-2013-003443 // 
            
            
            
            CNNVD: CNNVD-201307-396 // 
            
            
            
            NVD: CVE-2013-1243

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 61294

SOURCES
db:VULHUBid:VHN-61245
db:BIDid:61294
db:JVNDBid:JVNDB-2013-003443
db:CNNVDid:CNNVD-201307-396
db:NVDid:CVE-2013-1243

LAST UPDATE DATE
2024-08-14T14:34:19.206000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61245date:2013-10-11T00:00:00
db:BIDid:61294date:2013-07-17T00:00:00
db:JVNDBid:JVNDB-2013-003443date:2013-07-22T00:00:00
db:CNNVDid:CNNVD-201307-396date:2013-08-02T00:00:00
db:NVDid:CVE-2013-1243date:2013-10-11T14:44:31.167

SOURCES RELEASE DATE
db:VULHUBid:VHN-61245date:2013-07-18T00:00:00
db:BIDid:61294date:2013-07-17T00:00:00
db:JVNDBid:JVNDB-2013-003443date:2013-07-22T00:00:00
db:CNNVDid:CNNVD-201307-396date:2013-07-22T00:00:00
db:NVDid:CVE-2013-1243date:2013-07-18T12:48:56.927