ID
VAR-201309-0437
CVE
CVE-2013-5498
TITLE
Cisco IOS XR of CRS Carrier-Grade Service engine and ASR 9000 Integrated Service Module Service disruption in (DoS) Vulnerabilities
Trust: 0.8
sources:
JVNDB: JVNDB-2013-004360
DESCRIPTION
The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963. Cisco IOS XR is a member of the Cisco IOS Software family that uses a microkernel-based operating system architecture. The vulnerability is due to a problem with the processing of the packet sequence in the PPTP-ALG. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug IDs CSCue91963
Trust: 2.52
sources:
NVD: CVE-2013-5498 //
JVNDB: JVNDB-2013-004360 //
CNVD: CNVD-2013-13384 //
BID: 62651 //
VULHUB: VHN-65500
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2013-13384
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios xr | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | cisco | model: | ios xr | scope: | lte | version: | 4.3.1 | Trust: 0.8 |
| vendor: | cisco | model: | ios xr software | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | ios xr | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.7.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.0.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.8.3 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.2.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.6.3 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.4.3 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.1.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.3.3 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.8.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.2.4 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.6.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.0.3 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.2.3 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.3.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.9 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 2.0 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.0.0 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.9.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.5.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.5.4 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.3 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.1.0 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.4.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.7.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.2.50 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.1.0 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.3.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.0.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.4 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.6 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.7.3 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.4.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.8.4 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.3.4 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.6.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.1.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.8.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.7 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.5.3 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.2.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.2.6 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.9.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.8 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 3.2.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.0.4 | Trust: 0.3 |
sources:
CNVD: CNVD-2013-13384 //
BID: 62651 //
JVNDB: JVNDB-2013-004360 //
CNNVD: CNNVD-201309-500 //
NVD: CVE-2013-5498
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2013-13384 //
VULHUB: VHN-65500 //
JVNDB: JVNDB-2013-004360 //
CNNVD: CNNVD-201309-500 //
NVD: CVE-2013-5498
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
sources:
VULHUB: VHN-65500 //
JVNDB: JVNDB-2013-004360 //
NVD: CVE-2013-5498
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201309-500
TYPE
input validation
Trust: 0.6
sources:
CNNVD: CNNVD-201309-500
CONFIGURATIONS
sources:
JVNDB: JVNDB-2013-004360
PATCH
| title: | Cisco IOS XR Software CGSE and ISM Vulnerability | url: | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5498 | Trust: 0.8 |
| title: | 30994 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=30994 | Trust: 0.8 |
| title: | Patch for Cisco IOS XR Software CGSE and ISM Remote Denial of Service Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/39885 | Trust: 0.6 |
sources:
CNVD: CNVD-2013-13384 //
JVNDB: JVNDB-2013-004360
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-5498 | Trust: 3.4 |
| db: | BID | id: | 62651 | Trust: 2.0 |
| db: | OSVDB | id: | 97777 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2013-004360 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201309-500 | Trust: 0.7 |
| db: | SECUNIA | id: | 55072 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2013-13384 | Trust: 0.6 |
| db: | CISCO | id: | 20130926 CISCO IOS XR SOFTWARE CGSE AND ISM VULNERABILITY | Trust: 0.6 |
| db: | VULHUB | id: | VHN-65500 | Trust: 0.1 |
sources:
CNVD: CNVD-2013-13384 //
VULHUB: VHN-65500 //
BID: 62651 //
JVNDB: JVNDB-2013-004360 //
CNNVD: CNNVD-201309-500 //
NVD: CVE-2013-5498
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5498 | Trust: 2.3 |
| url: | http://www.securityfocus.com/bid/62651 | Trust: 1.1 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=30994 | Trust: 1.1 |
| url: | http://osvdb.org/97777 | Trust: 1.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/87462 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5498 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5498 | Trust: 0.8 |
| url: | http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscue91963 | Trust: 0.6 |
| url: | http://secunia.com/advisories/55072/ | Trust: 0.6 |
| url: | http://www.cisco.com/en/us/products/ps5845/index.html | Trust: 0.3 |
sources:
CNVD: CNVD-2013-13384 //
VULHUB: VHN-65500 //
BID: 62651 //
JVNDB: JVNDB-2013-004360 //
CNNVD: CNNVD-201309-500 //
NVD: CVE-2013-5498
CREDITS
Cisco
Trust: 0.3
sources:
BID: 62651
SOURCES
| db: | CNVD | id: | CNVD-2013-13384 |
| db: | VULHUB | id: | VHN-65500 |
| db: | BID | id: | 62651 |
| db: | JVNDB | id: | JVNDB-2013-004360 |
| db: | CNNVD | id: | CNNVD-201309-500 |
| db: | NVD | id: | CVE-2013-5498 |
LAST UPDATE DATE
2024-11-23T22:23:13.350000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-13384 | date: | 2013-09-30T00:00:00 |
| db: | VULHUB | id: | VHN-65500 | date: | 2017-08-29T00:00:00 |
| db: | BID | id: | 62651 | date: | 2013-09-28T00:16:00 |
| db: | JVNDB | id: | JVNDB-2013-004360 | date: | 2013-10-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-201309-500 | date: | 2013-09-30T00:00:00 |
| db: | NVD | id: | CVE-2013-5498 | date: | 2024-11-21T01:57:35.450 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-13384 | date: | 2013-09-29T00:00:00 |
| db: | VULHUB | id: | VHN-65500 | date: | 2013-09-27T00:00:00 |
| db: | BID | id: | 62651 | date: | 2013-09-26T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-004360 | date: | 2013-10-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-201309-500 | date: | 2013-09-30T00:00:00 |
| db: | NVD | id: | CVE-2013-5498 | date: | 2013-09-27T20:55:04.377 |