Details of VAR-201309-0298

ID

VAR-201309-0298

CVE

CVE-2013-5473

TITLE

Cisco IOS and IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004338

DESCRIPTION

Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The vulnerability is that the affected software incorrectly processes the specially crafted IKE packet. The attacker can send a special IKEv1 packet to the device configured with IKEv1 through UDP port 500, 848 or 4500 to trigger the vulnerability. The successful exploitation of the vulnerability can prevent the Cisco IOS software from being released. Memory has been allocated, causing a memory leak. A sustained attack can be overloaded with the device, causing a denial of service attack. The following devices are affected by this vulnerability: Cisco Cisco IOS XE Software 3.4S .2, .3, .4 | 3.6S .0, BaseCiscoIOS 15.1M 15.1(4)M3, 15.1(4)M3a, 15.1(4)M4 | 15.1MR 15.1(3)MR | 15.1S 15.1(3)S2, 15.1(3)S3, 15.1(3)S4, 15.1(3)S5, 15.1(3)S5a | 15.1XB 15.1(4)XB7, 15.1(4) XB8a | 15.2GC 15.2(3)GC | 15.2GCA 15.2(3)GCA | 15.2S 15.2(2)S | 15.2T 15.2(3)T, 15.2(3)T1, 15.2(3)T2 | 15.2XA 15.2( 3) XA. Exploiting this issue may allow remote attackers to trigger denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCtx66011

Trust: 2.52

sources: NVD: CVE-2013-5473 // JVNDB: JVNDB-2013-004338 // CNVD: CNVD-2013-13333 // BID: 62643 // VULHUB: VHN-65475

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13333

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 2.4
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 2.4
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 2.4
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.4s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.3s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.5s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.2s to 3.4.5s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.1s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.6.xs	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.6.0s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4.2s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2gc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1mr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m3a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 s2	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2013-13333 // BID: 62643 // JVNDB: JVNDB-2013-004338 // CNNVD: CNNVD-201309-484 // NVD: CVE-2013-5473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5473
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5473
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-13333
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201309-484
value:	HIGH
Trust: 0.6
VULHUB:	VHN-65475
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5473
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-13333
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65475
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-13333 // VULHUB: VHN-65475 // JVNDB: JVNDB-2013-004338 // CNNVD: CNNVD-201309-484 // NVD: CVE-2013-5473

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-65475 // JVNDB: JVNDB-2013-004338 // NVD: CVE-2013-5473

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-484

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201309-484

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004338

PATCH

title:	cisco-sa-20130925-ike	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ike	Trust: 0.8
title:	30696	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30696	Trust: 0.8
title:	cisco-sa-20130925-ike	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119885_cisco-sa-20130925-ike-j.html	Trust: 0.8
title:	Cisco IOS/IOS XE Internet Key Exchange to Handle Patches for Remote Denial of Service Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/39877	Trust: 0.6

sources: CNVD: CNVD-2013-13333 // JVNDB: JVNDB-2013-004338

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5473	Trust: 3.4
db:	BID	id:	62643	Trust: 1.6
db:	JVNDB	id:	JVNDB-2013-004338	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-484	Trust: 0.7
db:	CNVD	id:	CNVD-2013-13333	Trust: 0.6
db:	CISCO	id:	20130925 CISCO IOS SOFTWARE INTERNET KEY EXCHANGE MEMORY LEAK VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-65475	Trust: 0.1

sources: CNVD: CNVD-2013-13333 // VULHUB: VHN-65475 // BID: 62643 // JVNDB: JVNDB-2013-004338 // CNNVD: CNNVD-201309-484 // NVD: CVE-2013-5473

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130925-ike	Trust: 2.6
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=30696	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5473	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5473	Trust: 0.8
url:	http://www.securityfocus.com/bid/62643	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3
url:	https://tools.cisco.com/bugsearch/bug/cscuj03174	Trust: 0.3

sources: CNVD: CNVD-2013-13333 // VULHUB: VHN-65475 // BID: 62643 // JVNDB: JVNDB-2013-004338 // CNNVD: CNNVD-201309-484 // NVD: CVE-2013-5473

CREDITS

Cisco

Trust: 0.9

sources: BID: 62643 // CNNVD: CNNVD-201309-484

SOURCES

db:	CNVD	id:	CNVD-2013-13333
db:	VULHUB	id:	VHN-65475
db:	BID	id:	62643
db:	JVNDB	id:	JVNDB-2013-004338
db:	CNNVD	id:	CNNVD-201309-484
db:	NVD	id:	CVE-2013-5473

LAST UPDATE DATE

2024-11-23T23:05:53.039000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13333	date:	2013-09-29T00:00:00
db:	VULHUB	id:	VHN-65475	date:	2013-10-07T00:00:00
db:	BID	id:	62643	date:	2013-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-004338	date:	2013-10-23T00:00:00
db:	CNNVD	id:	CNNVD-201309-484	date:	2013-09-27T00:00:00
db:	NVD	id:	CVE-2013-5473	date:	2024-11-21T01:57:32.793

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-13333	date:	2013-09-27T00:00:00
db:	VULHUB	id:	VHN-65475	date:	2013-09-27T00:00:00
db:	BID	id:	62643	date:	2013-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-004338	date:	2013-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201309-484	date:	2013-09-27T00:00:00
db:	NVD	id:	CVE-2013-5473	date:	2013-09-27T10:08:04.197