Details of VAR-201310-0533

ID

VAR-201310-0533

CVE

CVE-2013-5506

TITLE

Cisco Firewall Services Module Vulnerability in reading context settings in authentication function

Trust: 0.8

sources: JVNDB: JVNDB-2013-004641

DESCRIPTION

The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or modify any context's configuration via unspecified commands, aka Bug ID CSCue46080. A local attacker may exploit this issue to execute certain commands in any of the user contexts of the affected system. This issue is being tracked by Cisco Bug ID CSCue46080

Trust: 1.98

sources: NVD: CVE-2013-5506 // JVNDB: JVNDB-2013-004641 // BID: 62918 // VULHUB: VHN-65508

AFFECTED PRODUCTS

vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.1\(3\)	Trust: 1.6
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.1\(1\)	Trust: 1.6
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0\(5\)	Trust: 1.6
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.1\(2\)	Trust: 1.6
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0\(7\)	Trust: 1.6
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0\(3\)	Trust: 1.6
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0\(6\)	Trust: 1.6
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.1	Trust: 1.6
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0\(4\)	Trust: 1.6
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0\(8\)	Trust: 1.6
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(2\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0\(15\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.1\(8\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.1\(9\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(10\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(16\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(5\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(11\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(17\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(19\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0\(13\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(22\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(20\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0\(14\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.1\(10\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(15\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(21\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.1\(12\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(21\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(17\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(10\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(1\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(4\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(14\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(18\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(19\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(20\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(18\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(9\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0\(12\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(13\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(13\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(4\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(6\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(7\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(8\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0\(10\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(2\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.1\(11\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(15\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(16\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(3\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(12\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(5\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(14\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.1\(5\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(6\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(8\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(12\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(9\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0\(2\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.1\(4\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0\(11\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2\(7\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.2	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.1\(7\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(11\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.0\(1\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	4.1\(6\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	eq	version:	3.1\(3\)	Trust: 1.0
vendor:	cisco	model:	firewall services module software	scope:	lt	version:	3.2(27)	Trust: 0.8
vendor:	cisco	model:	firewall services module software	scope:	lt	version:	4.1(14)	Trust: 0.8
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.2(20)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.2(23)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.2(22)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(6)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(16)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.2)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.2(2)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	4.0(10.1)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.1)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.2(13)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	4.1(1.2)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	4.0(6)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	4.0(8)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.2(17.2)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	4.0(11.1)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	4.1(8)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(20)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(21)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(1.9)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	4.1(5)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.2(16.1)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(4)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.24)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	4.0(16)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	4.1(7)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	4.0(15)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.18)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.3)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(17.2)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.2(3)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	4.1(1.1)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(1.7)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.11)	Trust: 0.3

sources: BID: 62918 // JVNDB: JVNDB-2013-004641 // CNNVD: CNNVD-201310-234 // NVD: CVE-2013-5506

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5506
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5506
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201310-234
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65508
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5506
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.7
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65508
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.7
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65508 // JVNDB: JVNDB-2013-004641 // CNNVD: CNNVD-201310-234 // NVD: CVE-2013-5506

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-65508 // JVNDB: JVNDB-2013-004641 // NVD: CVE-2013-5506

THREAT TYPE

local

Trust: 0.9

sources: BID: 62918 // CNNVD: CNNVD-201310-234

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-234

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004641

PATCH

title:	cisco-sa-20131009-fwsm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm	Trust: 0.8
title:	31097	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31097	Trust: 0.8
title:	cisco-sa-20131009-fwsm	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119988_cisco-sa-20131009-fwsm-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-004641

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5506	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004641	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-234	Trust: 0.7
db:	CISCO	id:	20131009 MULTIPLE VULNERABILITIES IN CISCO FIREWALL SERVICES MODULE SOFTWARE	Trust: 0.6
db:	BID	id:	62918	Trust: 0.4
db:	VULHUB	id:	VHN-65508	Trust: 0.1

sources: VULHUB: VHN-65508 // BID: 62918 // JVNDB: JVNDB-2013-004641 // CNNVD: CNNVD-201310-234 // NVD: CVE-2013-5506

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131009-fwsm	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5506	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5506	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-65508 // BID: 62918 // JVNDB: JVNDB-2013-004641 // CNNVD: CNNVD-201310-234 // NVD: CVE-2013-5506

CREDITS

Cisco

Trust: 0.3

sources: BID: 62918

SOURCES

db:	VULHUB	id:	VHN-65508
db:	BID	id:	62918
db:	JVNDB	id:	JVNDB-2013-004641
db:	CNNVD	id:	CNNVD-201310-234
db:	NVD	id:	CVE-2013-5506

LAST UPDATE DATE

2024-11-23T21:45:31.014000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65508	date:	2013-10-15T00:00:00
db:	BID	id:	62918	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004641	date:	2013-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201310-234	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2013-5506	date:	2024-11-21T01:57:36.377

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65508	date:	2013-10-13T00:00:00
db:	BID	id:	62918	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004641	date:	2013-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201310-234	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2013-5506	date:	2013-10-13T10:20:04.223