Sign-up

ID

VAR-201308-0214


CVE

CVE-2013-3467


TITLE

Cisco UCS Running on any fabric interconnect device CLI Service disruption in components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-003943

DESCRIPTION

Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of service (memory consumption and device reset) via a (1) "show monitor session all" or (2) "show monitor session" command, aka Bug ID CSCug20103. Cisco Unified Computing System is prone to multiple local denial-of-service vulnerabilities. Local attacker can exploit these issues to cause an affected device to reload or become unresponsive, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCug20103. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability is caused by not releasing memory after executing CLI commands and not configuring a SPAN session

Trust: 1.98

sources: NVD: CVE-2013-3467 // JVNDB: JVNDB-2013-003943 // BID: 62065 // VULHUB: VHN-63469

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 6120xp fabric interconnectscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing system 6140xp fabric interconnectscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:ucs 6120xp-20 port fabric interconnectscope: - version: -

Trust: 0.8

vendor:ciscomodel:ucs 6140xp-40 port fabric interconnectscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2013-003943 // CNNVD: CNNVD-201308-478 // NVD: CVE-2013-3467

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3467
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3467
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201308-478
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63469
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3467
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63469
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63469 // JVNDB: JVNDB-2013-003943 // CNNVD: CNNVD-201308-478 // NVD: CVE-2013-3467

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-63469 // JVNDB: JVNDB-2013-003943 // NVD: CVE-2013-3467

THREAT TYPE

local

Trust: 0.9

sources: BID: 62065 // CNNVD: CNNVD-201308-478

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201308-478

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003943

PATCH
title:Cisco UCS 6100 Fabric Interconnect Memory Leakurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3467
Trust: 0.8
title:30547url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30547
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003943

EXTERNAL IDS
db:NVDid:CVE-2013-3467
Trust: 2.8
db:BIDid:62065
Trust: 2.0
db:OSVDBid:96731
Trust: 1.1
db:SECTRACKid:1028960
Trust: 1.1
db:JVNDBid:JVNDB-2013-003943
Trust: 0.8
db:CNNVDid:CNNVD-201308-478
Trust: 0.7
db:CISCOid:20130829 CISCO UCS 6100 FABRIC INTERCONNECT MEMORY LEAK
Trust: 0.6
db:VULHUBid:VHN-63469
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63469 // 
            
            
            
            BID: 62065 // 
            
            
            
            JVNDB: JVNDB-2013-003943 // 
            
            
            
            CNNVD: CNNVD-201308-478 // 
            
            
            
            NVD: CVE-2013-3467

REFERENCES
url:http://www.securityfocus.com/bid/62065
Trust: 1.7
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3467
Trust: 1.7
url:http://osvdb.org/96731
Trust: 1.1
url:http://www.securitytracker.com/id/1028960
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3467
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3467
Trust: 0.8
sources:
            
            
            VULHUB: VHN-63469 // 
            
            
            
            JVNDB: JVNDB-2013-003943 // 
            
            
            
            CNNVD: CNNVD-201308-478 // 
            
            
            
            NVD: CVE-2013-3467

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 62065

SOURCES
db:VULHUBid:VHN-63469
db:BIDid:62065
db:JVNDBid:JVNDB-2013-003943
db:CNNVDid:CNNVD-201308-478
db:NVDid:CVE-2013-3467

LAST UPDATE DATE
2024-08-14T13:35:40.144000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63469date:2016-11-07T00:00:00
db:BIDid:62065date:2013-08-30T00:15:00
db:JVNDBid:JVNDB-2013-003943date:2013-09-02T00:00:00
db:CNNVDid:CNNVD-201308-478date:2013-09-02T00:00:00
db:NVDid:CVE-2013-3467date:2016-11-07T15:02:13.347

SOURCES RELEASE DATE
db:VULHUBid:VHN-63469date:2013-08-30T00:00:00
db:BIDid:62065date:2013-08-29T00:00:00
db:JVNDBid:JVNDB-2013-003943date:2013-09-02T00:00:00
db:CNNVDid:CNNVD-201308-478date:2013-08-30T00:00:00
db:NVDid:CVE-2013-3467date:2013-08-30T01:55:08.527