Details of VAR-201310-0529

ID

VAR-201310-0529

CVE

CVE-2013-5546

TITLE

Cisco ASR 1000 Runs on series devices Cisco IOS XE of TCP Service disruption in reassembly function (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004966

DESCRIPTION

The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Because the program fails to handle a large number of TCP reassembly messages correctly, remote attackers can exploit the vulnerability to cause system overload. Successful exploits may allow an attackers to cause a reload of the affected devices, denying service to legitimate users. These issues are being tracked by Cisco Bug ID CSCud72509

Trust: 2.52

sources: NVD: CVE-2013-5546 // JVNDB: JVNDB-2013-004966 // CNVD: CNVD-2013-14211 // BID: 63436 // VULHUB: VHN-65548

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-14211

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.1s	Trust: 1.6
vendor:	cisco	model:	asr 1004	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1006	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1002	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1023 router	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1002-x	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1001	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.8	Trust: 0.8
vendor:	cisco	model:	asr 1002-x router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1006 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1001 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1023 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.3s	Trust: 0.8
vendor:	cisco	model:	asr 1002 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.1s	Trust: 0.8
vendor:	cisco	model:	asr 1004 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.7	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2013-14211 // JVNDB: JVNDB-2013-004966 // CNNVD: CNNVD-201310-723 // NVD: CVE-2013-5546

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5546
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5546
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-14211
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201310-723
value:	HIGH
Trust: 0.6
VULHUB:	VHN-65548
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5546
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-14211
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65548
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-14211 // VULHUB: VHN-65548 // JVNDB: JVNDB-2013-004966 // CNNVD: CNNVD-201310-723 // NVD: CVE-2013-5546

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-65548 // JVNDB: JVNDB-2013-004966 // NVD: CVE-2013-5546

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-723

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201310-723

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004966

PATCH

title:	cisco-sa-20131030-asr1000	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000	Trust: 0.8
title:	31454	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31454	Trust: 0.8
title:	cisco-sa-20131030-asr1000	url:	http://www.cisco.com/cisco/web/support/JP/112/1120/1120847_cisco-sa-20131030-asr1000-j.html	Trust: 0.8
title:	Cisco IOS XE TCP Division Reorganizes Patches with Multiple Denial of Service Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/40651	Trust: 0.6
title:	Cisco IOS XE TCP Repair measures for denial-of-service vulnerability in segment reorganization function	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164607	Trust: 0.6

sources: CNVD: CNVD-2013-14211 // JVNDB: JVNDB-2013-004966 // CNNVD: CNNVD-201310-723

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5546	Trust: 3.4
db:	BID	id:	63436	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-004966	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-723	Trust: 0.7
db:	CNVD	id:	CNVD-2013-14211	Trust: 0.6
db:	VULHUB	id:	VHN-65548	Trust: 0.1

sources: CNVD: CNVD-2013-14211 // VULHUB: VHN-65548 // BID: 63436 // JVNDB: JVNDB-2013-004966 // CNNVD: CNNVD-201310-723 // NVD: CVE-2013-5546

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131030-asr1000	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5546	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5546	Trust: 0.8

sources: CNVD: CNVD-2013-14211 // VULHUB: VHN-65548 // JVNDB: JVNDB-2013-004966 // CNNVD: CNNVD-201310-723 // NVD: CVE-2013-5546

CREDITS

Cisco

Trust: 0.3

sources: BID: 63436

SOURCES

db:	CNVD	id:	CNVD-2013-14211
db:	VULHUB	id:	VHN-65548
db:	BID	id:	63436
db:	JVNDB	id:	JVNDB-2013-004966
db:	CNNVD	id:	CNNVD-201310-723
db:	NVD	id:	CVE-2013-5546

LAST UPDATE DATE

2024-11-23T22:02:21.033000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-14211	date:	2013-11-04T00:00:00
db:	VULHUB	id:	VHN-65548	date:	2013-11-01T00:00:00
db:	BID	id:	63436	date:	2013-10-30T00:00:00
db:	JVNDB	id:	JVNDB-2013-004966	date:	2013-11-05T00:00:00
db:	CNNVD	id:	CNNVD-201310-723	date:	2021-10-08T00:00:00
db:	NVD	id:	CVE-2013-5546	date:	2024-11-21T01:57:40.717

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-14211	date:	2013-11-04T00:00:00
db:	VULHUB	id:	VHN-65548	date:	2013-10-31T00:00:00
db:	BID	id:	63436	date:	2013-10-30T00:00:00
db:	JVNDB	id:	JVNDB-2013-004966	date:	2013-11-05T00:00:00
db:	CNNVD	id:	CNNVD-201310-723	date:	2013-10-31T00:00:00
db:	NVD	id:	CVE-2013-5546	date:	2013-10-31T21:55:02.877