Details of VAR-201309-0454

ID

VAR-201309-0454

CVE

CVE-2013-5488

TITLE

plural Cisco Used in products Cisco Common Services Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004095

DESCRIPTION

Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969. Vendors have confirmed this vulnerability Bug ID CSCuh54766 , CSCuh01267 , CSCuh95976 ,and CSCuh95969 It is released as.Executed simultaneously by a third party TCP Service disruption through session ( Memory consumption ) There is a possibility of being put into a state. Multiple Cisco products is prone to a denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to consume memory resources, resulting in a denial-of-service condition This issue is being tracked by Cisco Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969. ActiveMQ is one of the open source message middleware components, which supports Java message service, cluster, Spring Framework, etc. An attacker could exploit this vulnerability by opening multiple concurrent TCP sessions to exhaust available memory, causing a denial of service (process hang or crash)

Trust: 1.98

sources: NVD: CVE-2013-5488 // JVNDB: JVNDB-2013-004095 // BID: 62333 // VULHUB: VHN-65490

AFFECTED PRODUCTS

vendor:	cisco	model:	prime lan management solution	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified service monitor	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	security manager	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	security manager	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	prime lan management solution	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified operations manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified service monitor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified service monitor	scope:	eq	version:	8.5	Trust: 0.3
vendor:	cisco	model:	unified service monitor	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	unified service monitor	scope:	eq	version:	2.3	Trust: 0.3
vendor:	cisco	model:	unified service monitor	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	unified service monitor	scope:	eq	version:	2.1	Trust: 0.3
vendor:	cisco	model:	unified service monitor	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	cisco	model:	unified service monitor	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	unified service monitor	scope:	eq	version:	1.1	Trust: 0.3
vendor:	cisco	model:	unified service monitor	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	8.5	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	8.2	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	2.3	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	unified operations manager sp1	scope:	eq	version:	2.1	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	2.1	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	1.1	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	security manager sp2	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	cisco	model:	security manager sp1	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	cisco	model:	security manager sp4	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	cisco	model:	security manager sp3	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	cisco	model:	security manager sp2	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	cisco	model:	security manager sp1	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	cisco	model:	security manager sp4	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	cisco	model:	security manager sp3	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	cisco	model:	security manager sp2	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	cisco	model:	security manager sp1	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	cisco	model:	security manager sp1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	security manager sp1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	security manager sp2	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	security manager sp1	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	security manager sp1	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 62333 // JVNDB: JVNDB-2013-004095 // CNNVD: CNNVD-201309-165 // NVD: CVE-2013-5488

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5488
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5488
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201309-165
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65490
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5488
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65490
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65490 // JVNDB: JVNDB-2013-004095 // CNNVD: CNNVD-201309-165 // NVD: CVE-2013-5488

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-65490 // JVNDB: JVNDB-2013-004095 // NVD: CVE-2013-5488

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-165

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201309-165

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004095

PATCH

title:	Common Services ActiveMQ Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488	Trust: 0.8
title:	30749	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30749	Trust: 0.8

sources: JVNDB: JVNDB-2013-004095

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5488	Trust: 2.8
db:	BID	id:	62333	Trust: 1.4
db:	JVNDB	id:	JVNDB-2013-004095	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-165	Trust: 0.7
db:	CISCO	id:	20130911 COMMON SERVICES ACTIVEMQ DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-65490	Trust: 0.1

sources: VULHUB: VHN-65490 // BID: 62333 // JVNDB: JVNDB-2013-004095 // CNNVD: CNNVD-201309-165 // NVD: CVE-2013-5488

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5488	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=30749	Trust: 1.4
url:	http://www.securityfocus.com/bid/62333	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/87026	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5488	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5488	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/prod/collateral/vpndevc/ps5739/ps6498/data_sheet_c78-458677-00_ps6498_products_data_sheet.html	Trust: 0.3

sources: VULHUB: VHN-65490 // BID: 62333 // JVNDB: JVNDB-2013-004095 // CNNVD: CNNVD-201309-165 // NVD: CVE-2013-5488

CREDITS

Cisco

Trust: 0.3

sources: BID: 62333

SOURCES

db:	VULHUB	id:	VHN-65490
db:	BID	id:	62333
db:	JVNDB	id:	JVNDB-2013-004095
db:	CNNVD	id:	CNNVD-201309-165
db:	NVD	id:	CVE-2013-5488

LAST UPDATE DATE

2024-11-23T23:05:52.895000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65490	date:	2017-08-29T00:00:00
db:	BID	id:	62333	date:	2015-03-19T09:34:00
db:	JVNDB	id:	JVNDB-2013-004095	date:	2013-09-17T00:00:00
db:	CNNVD	id:	CNNVD-201309-165	date:	2013-09-16T00:00:00
db:	NVD	id:	CVE-2013-5488	date:	2024-11-21T01:57:34.377

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65490	date:	2013-09-12T00:00:00
db:	BID	id:	62333	date:	2013-09-11T00:00:00
db:	JVNDB	id:	JVNDB-2013-004095	date:	2013-09-17T00:00:00
db:	CNNVD	id:	CNNVD-201309-165	date:	2013-09-16T00:00:00
db:	NVD	id:	CVE-2013-5488	date:	2013-09-12T13:28:32.207