Details of VAR-201310-0202

ID

VAR-201310-0202

CVE

CVE-2013-3415

TITLE

Cisco Adaptive Security Appliance Service disruption in software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004640

DESCRIPTION

Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote attackers to cause a denial of service (memory consumption, and forwarding outage or system hang) via packets to the disconnected machine's IP address, aka Bug ID CSCtt36737. Cisco Adaptive Security Appliance (ASA) is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to exhaust the available memory and cause the affected system to become unresponsive resulting in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCtt36737. A denial of service vulnerability exists in Cisco ASA software 8.4.x versions prior to 8.4(3) and 8.6.x versions prior to 8.6(1.3). memory block

Trust: 2.07

sources: NVD: CVE-2013-3415 // JVNDB: JVNDB-2013-004640 // BID: 62915 // VULHUB: VHN-63417 // VULMON: CVE-2013-3415

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(1.11\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6\(1.10\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(2\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(1\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(2.11\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6\(1\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.4(3)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.6(1.3)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.28	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.13	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1.11	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	8.6(1.3)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	8.4(3)	Trust: 0.3

sources: BID: 62915 // JVNDB: JVNDB-2013-004640 // CNNVD: CNNVD-201310-225 // NVD: CVE-2013-3415

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3415
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-3415
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201310-225
value:	HIGH
Trust: 0.6
VULHUB:	VHN-63417
value:	HIGH
Trust: 0.1
VULMON:	CVE-2013-3415
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-3415
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-63417
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63417 // VULMON: CVE-2013-3415 // JVNDB: JVNDB-2013-004640 // CNNVD: CNNVD-201310-225 // NVD: CVE-2013-3415

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-63417 // JVNDB: JVNDB-2013-004640 // NVD: CVE-2013-3415

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-225

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201310-225

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004640

PATCH

title:	cisco-sa-20131009-asa	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa	Trust: 0.8
title:	AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3415	Trust: 0.8
title:	31106	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31106	Trust: 0.8
title:	cisco-sa-20131009-asa	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119989_cisco-sa-20131009-asa-j.html	Trust: 0.8
title:	Cisco: Multiple Vulnerabilities in Cisco ASA Software	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20131009-asa	Trust: 0.1

sources: VULMON: CVE-2013-3415 // JVNDB: JVNDB-2013-004640

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3415	Trust: 2.9
db:	JVNDB	id:	JVNDB-2013-004640	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-225	Trust: 0.7
db:	CISCO	id:	20131009 MULTIPLE VULNERABILITIES IN CISCO ASA SOFTWARE	Trust: 0.6
db:	BID	id:	62915	Trust: 0.4
db:	VULHUB	id:	VHN-63417	Trust: 0.1
db:	VULMON	id:	CVE-2013-3415	Trust: 0.1

sources: VULHUB: VHN-63417 // VULMON: CVE-2013-3415 // BID: 62915 // JVNDB: JVNDB-2013-004640 // CNNVD: CNNVD-201310-225 // NVD: CVE-2013-3415

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131009-asa	Trust: 2.1
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3415	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3415	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3415	Trust: 0.8
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=31106	Trust: 0.4
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-63417 // VULMON: CVE-2013-3415 // BID: 62915 // JVNDB: JVNDB-2013-004640 // CNNVD: CNNVD-201310-225 // NVD: CVE-2013-3415

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62915

SOURCES

db:	VULHUB	id:	VHN-63417
db:	VULMON	id:	CVE-2013-3415
db:	BID	id:	62915
db:	JVNDB	id:	JVNDB-2013-004640
db:	CNNVD	id:	CNNVD-201310-225
db:	NVD	id:	CVE-2013-3415

LAST UPDATE DATE

2024-08-14T13:58:10.085000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63417	date:	2016-11-01T00:00:00
db:	VULMON	id:	CVE-2013-3415	date:	2016-11-01T00:00:00
db:	BID	id:	62915	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004640	date:	2014-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201310-225	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2013-3415	date:	2023-08-15T14:41:35.310

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63417	date:	2013-10-13T00:00:00
db:	VULMON	id:	CVE-2013-3415	date:	2013-10-13T00:00:00
db:	BID	id:	62915	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004640	date:	2013-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201310-225	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2013-3415	date:	2013-10-13T10:20:03.740