Sign-up

ID

VAR-201308-0138


CVE

CVE-2013-1190


TITLE

Cisco Unified Computing System of C-Series Rack Server Service disruption in components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-003632

DESCRIPTION

The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service (Integrated Management Controller reboot or hang) via crafted packets, as demonstrated by nmap, aka Bug ID CSCtx19850. Cisco Unified Computing System is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCtx19850. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2013-1190 // JVNDB: JVNDB-2013-003632 // BID: 61570 // VULHUB: VHN-61192

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 2.4

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing system softwarescope:lteversion:1.4(3s)

Trust: 0.8

sources: BID: 61570 // JVNDB: JVNDB-2013-003632 // CNNVD: CNNVD-201308-017 // NVD: CVE-2013-1190

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1190
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1190
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201308-017
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61192
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1190
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61192
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61192 // JVNDB: JVNDB-2013-003632 // CNNVD: CNNVD-201308-017 // NVD: CVE-2013-1190

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-61192 // JVNDB: JVNDB-2013-003632 // NVD: CVE-2013-1190

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-017

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201308-017

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003632

PATCH
title:Cisco Integrated Management Controller Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1190
Trust: 0.8
title:30270url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30270
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003632

EXTERNAL IDS
db:NVDid:CVE-2013-1190
Trust: 2.8
db:JVNDBid:JVNDB-2013-003632
Trust: 0.8
db:CNNVDid:CNNVD-201308-017
Trust: 0.7
db:CISCOid:20130731 CISCO INTEGRATED MANAGEMENT CONTROLLER DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:BIDid:61570
Trust: 0.4
db:VULHUBid:VHN-61192
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61192 // 
            
            
            
            BID: 61570 // 
            
            
            
            JVNDB: JVNDB-2013-003632 // 
            
            
            
            CNNVD: CNNVD-201308-017 // 
            
            
            
            NVD: CVE-2013-1190

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1190
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1190
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1190
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=30270
Trust: 0.3
url:tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1190
Trust: 0.3
sources:
            
            
            VULHUB: VHN-61192 // 
            
            
            
            BID: 61570 // 
            
            
            
            JVNDB: JVNDB-2013-003632 // 
            
            
            
            CNNVD: CNNVD-201308-017 // 
            
            
            
            NVD: CVE-2013-1190

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 61570

SOURCES
db:VULHUBid:VHN-61192
db:BIDid:61570
db:JVNDBid:JVNDB-2013-003632
db:CNNVDid:CNNVD-201308-017
db:NVDid:CVE-2013-1190

LAST UPDATE DATE
2024-08-14T14:40:25.618000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61192date:2013-10-07T00:00:00
db:BIDid:61570date:2013-08-01T00:00:00
db:JVNDBid:JVNDB-2013-003632date:2013-08-05T00:00:00
db:CNNVDid:CNNVD-201308-017date:2013-08-07T00:00:00
db:NVDid:CVE-2013-1190date:2013-10-07T20:08:02.167

SOURCES RELEASE DATE
db:VULHUBid:VHN-61192date:2013-08-02T00:00:00
db:BIDid:61570date:2013-08-01T00:00:00
db:JVNDBid:JVNDB-2013-003632date:2013-08-05T00:00:00
db:CNNVDid:CNNVD-201308-017date:2013-08-05T00:00:00
db:NVDid:CVE-2013-1190date:2013-08-02T12:10:40.373