Details of VAR-201309-0443

ID

VAR-201309-0443

CVE

CVE-2013-5475

TITLE

Cisco IOS and IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004340

DESCRIPTION

Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561. Cisco IOS and IOS XE There is a service disruption ( Device reload ) There are vulnerabilities that are put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS has a security hole in the DHCP implementation. An unauthenticated remote attacker exploiting this vulnerability could result in a denial of service. Attackers can exploit this issue to cause a reload of the affected devices, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCug31561. The vulnerability is caused by the program not correctly parsing DHCP packets

Trust: 2.52

sources: NVD: CVE-2013-5475 // JVNDB: JVNDB-2013-004340 // CNVD: CNVD-2013-13403 // BID: 62644 // VULHUB: VHN-65477

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13403

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	2.1.2	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.1.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2.3	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.2sg	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.1.0	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.3sg	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2.2	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.4sg	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.xs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.4.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.0sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.5s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.2s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.3.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.5.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.3.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.4.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.6.0	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.4.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.4.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.6.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.3.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.1sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.1sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.xs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.3s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.5.0	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.0s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.3.0	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.00.xo.15.0\(2\)xo	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.6.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.4.0	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0xo	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.5.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2 to 12.4	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.0 to 15.3	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.1 to 3.9	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.x	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2013-13403 // BID: 62644 // JVNDB: JVNDB-2013-004340 // CNNVD: CNNVD-201309-495 // NVD: CVE-2013-5475

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5475
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5475
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-13403
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201309-495
value:	HIGH
Trust: 0.6
VULHUB:	VHN-65477
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5475
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-13403
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65477
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-13403 // VULHUB: VHN-65477 // JVNDB: JVNDB-2013-004340 // CNNVD: CNNVD-201309-495 // NVD: CVE-2013-5475

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-65477 // JVNDB: JVNDB-2013-004340 // NVD: CVE-2013-5475

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-495

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201309-495

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004340

PATCH

title:	cisco-sa-20130925-dhcp	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-dhcp	Trust: 0.8
title:	Cisco IOS Software DHCP Denial of Service	url:	http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=2763&signatureSubId=0&softwareVersion=6.0&releaseVersion=S744	Trust: 0.8
title:	30698	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30698	Trust: 0.8
title:	cisco-sa-20130925-dhcp	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119884_cisco-sa-20130925-dhcp-j.html	Trust: 0.8
title:	Patch for Cisco IOS and IOS XE DHCP Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/39909	Trust: 0.6

sources: CNVD: CNVD-2013-13403 // JVNDB: JVNDB-2013-004340

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5475	Trust: 3.4
db:	BID	id:	62644	Trust: 1.6
db:	JVNDB	id:	JVNDB-2013-004340	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-495	Trust: 0.7
db:	CNVD	id:	CNVD-2013-13403	Trust: 0.6
db:	CISCO	id:	20130925 CISCO IOS SOFTWARE DHCP DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-65477	Trust: 0.1

sources: CNVD: CNVD-2013-13403 // VULHUB: VHN-65477 // BID: 62644 // JVNDB: JVNDB-2013-004340 // CNNVD: CNNVD-201309-495 // NVD: CVE-2013-5475

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130925-dhcp	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5475	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5475	Trust: 0.8
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=30698	Trust: 0.6
url:	http://www.securityfocus.com/bid/62644	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2013-13403 // VULHUB: VHN-65477 // BID: 62644 // JVNDB: JVNDB-2013-004340 // CNNVD: CNNVD-201309-495 // NVD: CVE-2013-5475

CREDITS

Cisco

Trust: 0.9

sources: BID: 62644 // CNNVD: CNNVD-201309-495

SOURCES

db:	CNVD	id:	CNVD-2013-13403
db:	VULHUB	id:	VHN-65477
db:	BID	id:	62644
db:	JVNDB	id:	JVNDB-2013-004340
db:	CNNVD	id:	CNNVD-201309-495
db:	NVD	id:	CVE-2013-5475

LAST UPDATE DATE

2024-11-23T22:42:40.112000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13403	date:	2013-09-30T00:00:00
db:	VULHUB	id:	VHN-65477	date:	2013-10-07T00:00:00
db:	BID	id:	62644	date:	2013-09-26T00:17:00
db:	JVNDB	id:	JVNDB-2013-004340	date:	2013-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201309-495	date:	2013-09-27T00:00:00
db:	NVD	id:	CVE-2013-5475	date:	2024-11-21T01:57:33.063

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-13403	date:	2013-09-30T00:00:00
db:	VULHUB	id:	VHN-65477	date:	2013-09-27T00:00:00
db:	BID	id:	62644	date:	2013-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-004340	date:	2013-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201309-495	date:	2013-09-27T00:00:00
db:	NVD	id:	CVE-2013-5475	date:	2013-09-27T10:08:04.243