ID

VAR-201310-0528


CVE

CVE-2013-5545


TITLE

Denial-of-service (DoS) vulnerability in the PPTP ALG implementation of Cisco IOS XE running on Cisco ASR 1000 series devices

Trust: 0.8

sources: JVNDB: JVNDB-2013-004965

DESCRIPTION

The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936. The vendor has confirmed this vulnerability and released it as Bug ID CSCuh19936. A third party may cause a service interruption (device reload) by sending a large number of PPTP packets via NAT. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. After successful exploitation, the system can be overloaded. Successful exploits may allow an attacker to cause a reload of the affected devices, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuh19936. The vulnerability is caused by the program not filtering PPTP packets correctly.

Trust: 2.52

sources: NVD: CVE-2013-5545 // JVNDB: JVNDB-2013-004965 // CNVD: CNVD-2013-14208 // BID: 63444 // VULHUB: VHN-65547

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-14208

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 3.9.1s

Trust: 1.6

vendor: cisco, model: ios xe, scope: eq, version: 3.9.0s

Trust: 1.6

vendor: cisco, model: asr 1004, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: asr 1006, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: asr 1023 router, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: asr 1002, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: asr 1002-x, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: asr 1001, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: asr 1002-x router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: asr 1006 router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: asr 1001 router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: asr 1023 router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe, scope: eq, version: 3.9.2s

Trust: 0.8

vendor: cisco, model: ios xe, scope: lt, version: 3.9

Trust: 0.8

vendor: cisco, model: asr 1002 router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: asr 1004 router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2013-14208 // JVNDB: JVNDB-2013-004965 // CNNVD: CNNVD-201310-722 // NVD: CVE-2013-5545

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5545
value: HIGH

Trust: 1.0

NVD: CVE-2013-5545
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-14208
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201310-722
value: HIGH

Trust: 0.6

VULHUB: VHN-65547
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-5545
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-14208
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-65547
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-14208 // VULHUB: VHN-65547 // JVNDB: JVNDB-2013-004965 // CNNVD: CNNVD-201310-722 // NVD: CVE-2013-5545

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-65547 // JVNDB: JVNDB-2013-004965 // NVD: CVE-2013-5545

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-722

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201310-722

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004965

PATCH

title: cisco-sa-20131030-asr1000, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000

Trust: 0.8

title: 31453, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31453

Trust: 0.8

title: cisco-sa-20131030-asr1000, url: http://www.cisco.com/cisco/web/support/JP/112/1120/1120847_cisco-sa-20131030-asr1000-j.html

Trust: 0.8

title: Patch for Cisco IOS XE Software Denial of Service Vulnerability (CNVD-2013-14208), url: https://www.cnvd.org.cn/patchInfo/show/40654

Trust: 0.6

title: Fixes for Cisco IOS XE PPTP ALG feature denial of service vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164606

Trust: 0.6

sources: CNVD: CNVD-2013-14208 // JVNDB: JVNDB-2013-004965 // CNNVD: CNNVD-201310-722

EXTERNAL IDS

db: NVD, id: CVE-2013-5545

Trust: 3.4

db: BID, id: 63444

Trust: 1.0

db: JVNDB, id: JVNDB-2013-004965

Trust: 0.8

db: CNNVD, id: CNNVD-201310-722

Trust: 0.7

db: CNVD, id: CNVD-2013-14208

Trust: 0.6

db: VULHUB, id: VHN-65547

Trust: 0.1

sources: CNVD: CNVD-2013-14208 // VULHUB: VHN-65547 // BID: 63444 // JVNDB: JVNDB-2013-004965 // CNNVD: CNNVD-201310-722 // NVD: CVE-2013-5545

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131030-asr1000

Trust: 2.3

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5545

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5545

Trust: 0.8

sources: CNVD: CNVD-2013-14208 // VULHUB: VHN-65547 // JVNDB: JVNDB-2013-004965 // CNNVD: CNNVD-201310-722 // NVD: CVE-2013-5545

CREDITS

Cisco

Trust: 0.3

sources: BID: 63444

SOURCES

db: CNVD, id: CNVD-2013-14208
db: VULHUB, id: VHN-65547
db: BID, id: 63444
db: JVNDB, id: JVNDB-2013-004965
db: CNNVD, id: CNNVD-201310-722
db: NVD, id: CVE-2013-5545

LAST UPDATE DATE

2024-11-23T22:56:39.588000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-14208, date: 2013-11-04T00:00:00
db: VULHUB, id: VHN-65547, date: 2013-11-01T00:00:00
db: BID, id: 63444, date: 2013-10-30T00:00:00
db: JVNDB, id: JVNDB-2013-004965, date: 2013-11-05T00:00:00
db: CNNVD, id: CNNVD-201310-722, date: 2021-10-08T00:00:00
db: NVD, id: CVE-2013-5545, date: 2024-11-21T01:57:40.607

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-14208, date: 2013-11-04T00:00:00
db: VULHUB, id: VHN-65547, date: 2013-10-31T00:00:00
db: BID, id: 63444, date: 2013-10-30T00:00:00
db: JVNDB, id: JVNDB-2013-004965, date: 2013-11-05T00:00:00
db: CNNVD, id: CNNVD-201310-722, date: 2013-10-31T00:00:00
db: NVD, id: CVE-2013-5545, date: 2013-10-31T21:55:02.860