ID

VAR-201310-0536


CVE

CVE-2013-5550


TITLE

Cisco Unified Computing System Service disruption in fabric interconnect components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004830

DESCRIPTION

The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operations, aka Bug ID CSCtq86549. Cisco Unified Computing System is prone to a local denial-of-service vulnerability because it fails to properly validate the user-supplied input. Local attacker can exploit this issue to crash the device and cause denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCtq86549. Cisco Unified Computing System (UCS) is a unified computing system of Cisco (Cisco). The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability is caused by the program not correctly filtering the parameters submitted by users

Trust: 1.98

sources: NVD: CVE-2013-5550 // JVNDB: JVNDB-2013-004830 // BID: 63246 // VULHUB: VHN-65552

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 2.4

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:lteversion:2.0

Trust: 0.8

vendor:ciscomodel:unified computing systemscope:eqversion:2.0

Trust: 0.3

sources: BID: 63246 // JVNDB: JVNDB-2013-004830 // CNNVD: CNNVD-201310-509 // NVD: CVE-2013-5550

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5550
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5550
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-509
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65552
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5550
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65552
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65552 // JVNDB: JVNDB-2013-004830 // CNNVD: CNNVD-201310-509 // NVD: CVE-2013-5550

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-65552 // JVNDB: JVNDB-2013-004830 // NVD: CVE-2013-5550

THREAT TYPE

local

Trust: 0.9

sources: BID: 63246 // CNNVD: CNNVD-201310-509

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-509

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004830

PATCH

title:Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5550

Trust: 0.8

title:31389url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31389

Trust: 0.8

sources: JVNDB: JVNDB-2013-004830

EXTERNAL IDS

db:NVDid:CVE-2013-5550

Trust: 2.8

db:JVNDBid:JVNDB-2013-004830

Trust: 0.8

db:CNNVDid:CNNVD-201310-509

Trust: 0.7

db:CISCOid:20131021 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT DENIAL OF SERVICE VULNERABILITY

Trust: 0.6

db:BIDid:63246

Trust: 0.4

db:VULHUBid:VHN-65552

Trust: 0.1

sources: VULHUB: VHN-65552 // BID: 63246 // JVNDB: JVNDB-2013-004830 // CNNVD: CNNVD-201310-509 // NVD: CVE-2013-5550

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5550

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5550

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5550

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-65552 // BID: 63246 // JVNDB: JVNDB-2013-004830 // CNNVD: CNNVD-201310-509 // NVD: CVE-2013-5550

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 63246

SOURCES

db:VULHUBid:VHN-65552
db:BIDid:63246
db:JVNDBid:JVNDB-2013-004830
db:CNNVDid:CNNVD-201310-509
db:NVDid:CVE-2013-5550

LAST UPDATE DATE

2024-11-23T22:18:43.799000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-65552date:2013-10-22T00:00:00
db:BIDid:63246date:2013-10-21T00:00:00
db:JVNDBid:JVNDB-2013-004830date:2013-10-23T00:00:00
db:CNNVDid:CNNVD-201310-509date:2013-10-23T00:00:00
db:NVDid:CVE-2013-5550date:2024-11-21T01:57:41.170

SOURCES RELEASE DATE

db:VULHUBid:VHN-65552date:2013-10-22T00:00:00
db:BIDid:63246date:2013-10-21T00:00:00
db:JVNDBid:JVNDB-2013-004830date:2013-10-23T00:00:00
db:CNNVDid:CNNVD-201310-509date:2013-10-23T00:00:00
db:NVDid:CVE-2013-5550date:2013-10-22T11:17:15.513