Sign-up

ID

VAR-201307-0197


CVE

CVE-2013-3410


TITLE

Cisco IPS NME of Cisco Intrusion Prevention System Service disruption in software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-003447

DESCRIPTION

Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger incorrect memory allocation, aka Bug ID CSCua61977. Cisco IPS Software is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the system to reload, which leads to denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCua61977. Cisco Intrusion Prevention System (IPS) is an intrusion prevention system of Cisco (Cisco). The system can immediately interrupt, adjust or isolate some abnormal or harmful network data transmission behaviors

Trust: 1.98

sources: NVD: CVE-2013-3410 // JVNDB: JVNDB-2013-003447 // BID: 61301 // VULHUB: VHN-63412

AFFECTED PRODUCTS

vendor:ciscomodel:intrusion prevention systemscope:eqversion:7.0\(6\)e4

Trust: 1.6

vendor:ciscomodel:intrusion prevention systemscope:eqversion:7.0\(1\)e3

Trust: 1.6

vendor:ciscomodel:intrusion prevention systemscope:eqversion:7.0\(2\)e3

Trust: 1.6

vendor:ciscomodel:intrusion prevention systemscope:eqversion:7.0\(2\)e4

Trust: 1.6

vendor:ciscomodel:intrusion prevention systemscope:eqversion:7.0\(7\)e4

Trust: 1.6

vendor:ciscomodel:intrusion prevention systemscope:eqversion:7.0\(3\)e4

Trust: 1.6

vendor:ciscomodel:intrusion prevention systemscope:eqversion:7.0\(4\)e4

Trust: 1.6

vendor:ciscomodel:intrusion prevention systemscope:eqversion:7.0\(5a\)e4

Trust: 1.6

vendor:ciscomodel:intrusion prevention systemscope:eqversion:7.0

Trust: 1.6

vendor:ciscomodel:intrusion prevention systemscope:lteversion:7.0\(8\)e4

Trust: 1.0

vendor:ciscomodel:ips nmescope:eqversion: -

Trust: 1.0

vendor:ciscomodel:intrusion prevention system network module enhancedscope:eqversion:(ips nme)

Trust: 0.8

vendor:ciscomodel:intrusion prevention system softwarescope:ltversion:7.0(9)e4

Trust: 0.8

vendor:ciscomodel:intrusion prevention systemscope:eqversion:7.0\(8\)e4

Trust: 0.6

vendor:ciscomodel:ips softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:intrusion prevention system network module enhancedscope:eqversion:0

Trust: 0.3

sources: BID: 61301 // JVNDB: JVNDB-2013-003447 // CNNVD: CNNVD-201307-400 // NVD: CVE-2013-3410

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3410
value: HIGH

Trust: 1.0

NVD: CVE-2013-3410
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201307-400
value: HIGH

Trust: 0.6

VULHUB: VHN-63412
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-3410
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63412
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63412 // JVNDB: JVNDB-2013-003447 // CNNVD: CNNVD-201307-400 // NVD: CVE-2013-3410

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-63412 // JVNDB: JVNDB-2013-003447 // NVD: CVE-2013-3410

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-400

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201307-400

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003447

PATCH
title:29271url:http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=29271
Trust: 0.8
title:cisco-sa-20130717-ipsurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips
Trust: 0.8
title:30025url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30025
Trust: 0.8
title:cisco-sa-20130717-ipsurl:http://www.cisco.com/cisco/web/support/JP/111/1118/1118530_cisco-sa-20130717-ips-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003447

EXTERNAL IDS
db:NVDid:CVE-2013-3410
Trust: 2.8
db:SECUNIAid:54243
Trust: 1.1
db:JVNDBid:JVNDB-2013-003447
Trust: 0.8
db:CNNVDid:CNNVD-201307-400
Trust: 0.7
db:CISCOid:20130717 MULTIPLE VULNERABILITIES IN CISCO INTRUSION PREVENTION SYSTEM SOFTWARE
Trust: 0.6
db:BIDid:61301
Trust: 0.4
db:VULHUBid:VHN-63412
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63412 // 
            
            
            
            BID: 61301 // 
            
            
            
            JVNDB: JVNDB-2013-003447 // 
            
            
            
            CNNVD: CNNVD-201307-400 // 
            
            
            
            NVD: CVE-2013-3410

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130717-ips
Trust: 1.7
url:http://secunia.com/advisories/54243
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3410
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3410
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63412 // 
            
            
            
            BID: 61301 // 
            
            
            
            JVNDB: JVNDB-2013-003447 // 
            
            
            
            CNNVD: CNNVD-201307-400 // 
            
            
            
            NVD: CVE-2013-3410

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 61301

SOURCES
db:VULHUBid:VHN-63412
db:BIDid:61301
db:JVNDBid:JVNDB-2013-003447
db:CNNVDid:CNNVD-201307-400
db:NVDid:CVE-2013-3410

LAST UPDATE DATE
2024-08-14T14:34:19.145000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63412date:2013-08-20T00:00:00
db:BIDid:61301date:2013-07-17T00:00:00
db:JVNDBid:JVNDB-2013-003447date:2013-07-22T00:00:00
db:CNNVDid:CNNVD-201307-400date:2014-02-26T00:00:00
db:NVDid:CVE-2013-3410date:2013-08-20T03:23:32.887

SOURCES RELEASE DATE
db:VULHUBid:VHN-63412date:2013-07-18T00:00:00
db:BIDid:61301date:2013-07-17T00:00:00
db:JVNDBid:JVNDB-2013-003447date:2013-07-22T00:00:00
db:CNNVDid:CNNVD-201307-400date:2013-07-18T00:00:00
db:NVDid:CVE-2013-3410date:2013-07-18T12:48:56.953