Details of VAR-201309-0446

ID

VAR-201309-0446

CVE

CVE-2013-5478

TITLE

Cisco IOS and IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004343

DESCRIPTION

Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The vulnerability is caused by incorrectly parsing UDP RSVP packets. The attacker can send UDP RSVP packets to the affected device to exploit the vulnerability. Wedge), which can cause link loss, interrupt communication and other denial of service conditions. The following products are affected by this vulnerability: Cisco Cisco IOS XE Software 3.2S .0, .1, .2 | 3.3S .0, .1, .2 | 3.4S .0, .1, .2, .3, .4 | 3.5S .0, .1, .2, Base | 3.6S .0, .1, .2, Base | 3.7S .0, .1, BaseCiscoIOS15.0(1)M1 Base | 15.0M 15.0(1)M , 15.0(1)M10, 15.0(1)M2, 15.0(1)M3, 15.0(1)M4, 15.0(1)M5, 15.0(1)M6, 15.0(1)M6a, 15.0(1)M7, 15.0 (1) M8, 15.0(1)M9 | 15.0SY 15.0(1)SY, 15.0(1)SY1, 15.0(1)SY2, 15.0(1)SY3, 15.0(1)SY4 | 15.0XA 15.0(1)XA , 15.0(1)XA1, 15.0(1)XA2, 15.0(1)XA3, 15.0(1)XA4, 15.0(1)XA5 | 15.1(2)T Base | 15.1EY 15.1(2)EY, 15.1(2) EY1, 15.1(2)EY1a, 15.1(2)EY2, 15.1(2)EY2a, 15.1(2)EY3, 15.1(2)EY4 | 15.1GC 15.1(2)GC, 15.1(2)GC1, 15.1(2) GC2, 15.1(4)GC, 15.1(4)GC1 | 15.1M 15.1(4)M, 15.1(4)M0a, 15.1(4)M0b, 15.1(4)M1, 15.1(4)M2, 15.1(4) M3, 15.1(4)M3a, 15.1(4)M4, 15.1(4)M5, 15.1(4)M6 | 15.1MR 15.1(1)MR, 15.1(1)MR1, 15.1(1)MR2, 15.1(1) MR3, 15.1(1)MR4, 15.1(1)MR5, 15.1(1)MR6, 15.1(3)MR | 15.1MRA 15.1(3)MRA, 15.1(3)MRA1 | 15.1S 15.1(1)S, 15.1( 1) S1, 15.1(1)S2, 15.1(2)S, 15.1(2)S1, 15.1(2)S2, 15.1(3)S, 15.1 (3) S0a, 15.1(3)S1, 15.1(3)S2, 15.1(3)S3, 15.1(3)S4, 15.1(3)S5, 15.1(3)S5a | 15.1SA 15.1(1)SA, 15.1 (1) SA1, 15.1(1)SA2 | 15.1SNG 15.1(2)SNG | 15.1SNH 15.1(2)SNH, 15.1(2)SNH1 | 15.1SNI 15.1(2)SNI | 15.1SY 15.1(1)SY, 15.1 (1) SY1 | 15.1T 15.1(1)T, 15.1(1)T1, 15.1(1)T2, 15.1(1)T3, 15.1(1)T4, 15.1(1)T5, 15.1(2)T0a, 15.1 (2) T1, 15.1(2)T2, 15.1(2)T2a, 15.1(2)T3, 15.1(2)T4, 15.1(2)T5, 15.1(3)T, 15.1(3)T1, 15.1(3 ) T2, 15.1(3)T3, 15.1(3)T4 | 15.1XB 15.1(1)XB, 15.1(1)XB1, 15.1(1)XB2, 15.1(1)XB3, 15.1(4)XB4, 15.1(4 ) XB5, 15.1(4)XB5a, 15.1(4)XB6, 15.1(4)XB7, 15.1(4)XB8a | 15.2GC 15.2(1)GC, 15.2(1)GC1, 15.2(1)GC2, 15.2(2 ) GC, 15.2(3)GC, 15.2(3)GC1 | 15.2GCA 15.2(3)GCA | 15.2M 15.2(4)M, 15.2(4)M1, 15.2(4)M2, 15.2(4)M3 | 15.2 S 15.2(1)S, 15.2(1)S1, 15.2(1)S2, 15.2(2)S, 15.2(2)S0a, 15.2(2)S0c, 15.2(2)S0d, 15.2(2)S1, 15.2 (2) S2, 15.2(4)S, 15.2(4)S0c, 15.2(4)S1, 15.2(4)S2, 15.2(4)S3, 15.2(4)S3a | 15.2SA 15.2(1)SA | 15.2 SB 15.2(1)SB, 15.2(1)SB1, 15.2(1)SB3, 15.2(1)SB4 | 15.2SC 15.2(1)SC1a | 15.2SNG 15.2(2)SNG | 15 .2SNH 15.2(2)SNH, 15.2(2)SNH1 | 15.2SNI 15.2(2)SNI | 15.2T 15.2(1)T, 15.2(1)T1, 15.2(1)T2, 15.2(1)T3, 15.2( 1) T3a, 15.2(1)T4, 15.2(2)T, 15.2(2)T1, 15.2(2)T2, 15.2(2)T3, 15.2(3)T, 15.2(3)T1, 15.2(3) T2, 15.2(3)T3 | 15.2XA 15.2(3)XA | 15.2XB 15.2(4)XB10 | 15.3S 15.3(1)S, 15.3(1)S1, 15.3(1)S1e, 15.3(1)S2 | 15.3T 15.3(1)T, 15.3(1)T1, 15.3(2)T. Exploiting this issue may allow remote attackers to trigger denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuf17023

Trust: 2.52

sources: NVD: CVE-2013-5478 // JVNDB: JVNDB-2013-004343 // CNVD: CNVD-2013-13326 // BID: 62646 // VULHUB: VHN-65480

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13326

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0xo	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.00.xo.15.0\(2\)xo	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0sg	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.0s	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.xs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.5s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.2sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.3sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.1sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.xs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.4sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.2s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.0 to 15.3	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2 to 3.8	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2013-13326 // BID: 62646 // JVNDB: JVNDB-2013-004343 // CNNVD: CNNVD-201309-486 // NVD: CVE-2013-5478

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5478
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5478
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-13326
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201309-486
value:	HIGH
Trust: 0.6
VULHUB:	VHN-65480
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5478
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-13326
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65480
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-13326 // VULHUB: VHN-65480 // JVNDB: JVNDB-2013-004343 // CNNVD: CNNVD-201309-486 // NVD: CVE-2013-5478

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-65480 // JVNDB: JVNDB-2013-004343 // NVD: CVE-2013-5478

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-486

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201309-486

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004343

PATCH

title:	30053	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=30053	Trust: 0.8
title:	cisco-sa-20130925-rsvp	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-rsvp	Trust: 0.8
title:	30701	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30701	Trust: 0.8
title:	cisco-sa-20130925-rsvp	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119889_cisco-sa-20130925-rsvp-j.html	Trust: 0.8
title:	Cisco IOS/IOS XE RSVP Interface Queue Inserts Patch for Remote Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/39851	Trust: 0.6

sources: CNVD: CNVD-2013-13326 // JVNDB: JVNDB-2013-004343

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5478	Trust: 3.4
db:	BID	id:	62646	Trust: 1.6
db:	JVNDB	id:	JVNDB-2013-004343	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-486	Trust: 0.7
db:	CNVD	id:	CNVD-2013-13326	Trust: 0.6
db:	CISCO	id:	20130925 CISCO IOS SOFTWARE RESOURCE RESERVATION PROTOCOL INTERFACE QUEUE WEDGE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-65480	Trust: 0.1

sources: CNVD: CNVD-2013-13326 // VULHUB: VHN-65480 // BID: 62646 // JVNDB: JVNDB-2013-004343 // CNNVD: CNNVD-201309-486 // NVD: CVE-2013-5478

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130925-rsvp	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5478	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5478	Trust: 0.8
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=30701	Trust: 0.6
url:	http://www.securityfocus.com/bid/62646	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3

sources: CNVD: CNVD-2013-13326 // VULHUB: VHN-65480 // BID: 62646 // JVNDB: JVNDB-2013-004343 // CNNVD: CNNVD-201309-486 // NVD: CVE-2013-5478

CREDITS

Cisco

Trust: 0.9

sources: BID: 62646 // CNNVD: CNNVD-201309-486

SOURCES

db:	CNVD	id:	CNVD-2013-13326
db:	VULHUB	id:	VHN-65480
db:	BID	id:	62646
db:	JVNDB	id:	JVNDB-2013-004343
db:	CNNVD	id:	CNNVD-201309-486
db:	NVD	id:	CVE-2013-5478

LAST UPDATE DATE

2024-11-23T21:55:31.210000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13326	date:	2013-09-29T00:00:00
db:	VULHUB	id:	VHN-65480	date:	2013-10-07T00:00:00
db:	BID	id:	62646	date:	2014-03-12T15:43:00
db:	JVNDB	id:	JVNDB-2013-004343	date:	2013-10-23T00:00:00
db:	CNNVD	id:	CNNVD-201309-486	date:	2013-09-27T00:00:00
db:	NVD	id:	CVE-2013-5478	date:	2024-11-21T01:57:33.417

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-13326	date:	2013-09-27T00:00:00
db:	VULHUB	id:	VHN-65480	date:	2013-09-27T00:00:00
db:	BID	id:	62646	date:	2013-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-004343	date:	2013-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201309-486	date:	2013-09-27T00:00:00
db:	NVD	id:	CVE-2013-5478	date:	2013-09-27T10:08:04.307