Details of VAR-201310-0534

ID

VAR-201310-0534

CVE

CVE-2013-5507

TITLE

Cisco Adaptive Security Appliances Software IPsec Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004642

DESCRIPTION

The IPsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(1.7), when an IPsec VPN tunnel is enabled, allows remote attackers to cause a denial of service (device reload) via a (1) ICMP or (2) ICMPv6 packet that is improperly handled during decryption, aka Bug ID CSCue18975. Vendors have confirmed this vulnerability Bug ID CSCue18975 It is released as.Inappropriate processing during decryption by a third party (1) ICMP Or (2) ICMPv6 Service disruption via packets ( Device reload ) There is a possibility of being put into a state. Cisco Adaptive Security Appliance (ASA) is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to reload an affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCue18975

Trust: 1.98

sources: NVD: CVE-2013-5507 // JVNDB: JVNDB-2013-004642 // BID: 62910 // VULHUB: VHN-65509

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.1(1.7)	Trust: 0.8

sources: JVNDB: JVNDB-2013-004642 // CNNVD: CNNVD-201310-235 // NVD: CVE-2013-5507

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5507
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5507
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201310-235
value:	HIGH
Trust: 0.6
VULHUB:	VHN-65509
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5507
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65509
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65509 // JVNDB: JVNDB-2013-004642 // CNNVD: CNNVD-201310-235 // NVD: CVE-2013-5507

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-65509 // JVNDB: JVNDB-2013-004642 // NVD: CVE-2013-5507

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-235

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201310-235

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004642

PATCH

title:	cisco-sa-20131009-asa	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa	Trust: 0.8
title:	IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5507	Trust: 0.8
title:	31100	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31100	Trust: 0.8
title:	cisco-sa-20131009-asa	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119989_cisco-sa-20131009-asa-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-004642

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5507	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004642	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-235	Trust: 0.7
db:	CISCO	id:	20131009 MULTIPLE VULNERABILITIES IN CISCO ASA SOFTWARE	Trust: 0.6
db:	BID	id:	62910	Trust: 0.4
db:	VULHUB	id:	VHN-65509	Trust: 0.1

sources: VULHUB: VHN-65509 // BID: 62910 // JVNDB: JVNDB-2013-004642 // CNNVD: CNNVD-201310-235 // NVD: CVE-2013-5507

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131009-asa	Trust: 2.0
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5507	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5507	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5507	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=31100	Trust: 0.3

sources: VULHUB: VHN-65509 // BID: 62910 // JVNDB: JVNDB-2013-004642 // CNNVD: CNNVD-201310-235 // NVD: CVE-2013-5507

CREDITS

Cisco

Trust: 0.3

sources: BID: 62910

SOURCES

db:	VULHUB	id:	VHN-65509
db:	BID	id:	62910
db:	JVNDB	id:	JVNDB-2013-004642
db:	CNNVD	id:	CNNVD-201310-235
db:	NVD	id:	CVE-2013-5507

LAST UPDATE DATE

2024-11-23T21:45:31.200000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65509	date:	2016-11-01T00:00:00
db:	BID	id:	62910	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004642	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201310-235	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2013-5507	date:	2024-11-21T01:57:36.500

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65509	date:	2013-10-13T00:00:00
db:	BID	id:	62910	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004642	date:	2013-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201310-235	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2013-5507	date:	2013-10-13T10:20:04.257