Sign-up

ID

VAR-201310-0536


CVE

CVE-2013-5550


TITLE

Cisco Unified Computing System Service disruption in fabric interconnect components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004830

DESCRIPTION

The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operations, aka Bug ID CSCtq86549. Cisco Unified Computing System is prone to a local denial-of-service vulnerability because it fails to properly validate the user-supplied input. Local attacker can exploit this issue to crash the device and cause denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCtq86549. Cisco Unified Computing System (UCS) is a unified computing system of Cisco (Cisco). The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability is caused by the program not correctly filtering the parameters submitted by users

Trust: 1.98

sources: NVD: CVE-2013-5550 // JVNDB: JVNDB-2013-004830 // BID: 63246 // VULHUB: VHN-65552

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 2.4

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:lteversion:2.0

Trust: 0.8

vendor:ciscomodel:unified computing systemscope:eqversion:2.0

Trust: 0.3

sources: BID: 63246 // JVNDB: JVNDB-2013-004830 // CNNVD: CNNVD-201310-509 // NVD: CVE-2013-5550

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5550
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5550
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-509
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65552
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5550
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65552
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65552 // JVNDB: JVNDB-2013-004830 // CNNVD: CNNVD-201310-509 // NVD: CVE-2013-5550

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-65552 // JVNDB: JVNDB-2013-004830 // NVD: CVE-2013-5550

THREAT TYPE

local

Trust: 0.9

sources: BID: 63246 // CNNVD: CNNVD-201310-509

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-509

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004830

PATCH
title:Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5550
Trust: 0.8
title:31389url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31389
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004830

EXTERNAL IDS
db:NVDid:CVE-2013-5550
Trust: 2.8
db:JVNDBid:JVNDB-2013-004830
Trust: 0.8
db:CNNVDid:CNNVD-201310-509
Trust: 0.7
db:CISCOid:20131021 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:BIDid:63246
Trust: 0.4
db:VULHUBid:VHN-65552
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65552 // 
            
            
            
            BID: 63246 // 
            
            
            
            JVNDB: JVNDB-2013-004830 // 
            
            
            
            CNNVD: CNNVD-201310-509 // 
            
            
            
            NVD: CVE-2013-5550

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5550
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5550
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5550
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65552 // 
            
            
            
            BID: 63246 // 
            
            
            
            JVNDB: JVNDB-2013-004830 // 
            
            
            
            CNNVD: CNNVD-201310-509 // 
            
            
            
            NVD: CVE-2013-5550

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 63246

SOURCES
db:VULHUBid:VHN-65552
db:BIDid:63246
db:JVNDBid:JVNDB-2013-004830
db:CNNVDid:CNNVD-201310-509
db:NVDid:CVE-2013-5550

LAST UPDATE DATE
2024-11-23T22:18:43.799000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65552date:2013-10-22T00:00:00
db:BIDid:63246date:2013-10-21T00:00:00
db:JVNDBid:JVNDB-2013-004830date:2013-10-23T00:00:00
db:CNNVDid:CNNVD-201310-509date:2013-10-23T00:00:00
db:NVDid:CVE-2013-5550date:2024-11-21T01:57:41.170

SOURCES RELEASE DATE
db:VULHUBid:VHN-65552date:2013-10-22T00:00:00
db:BIDid:63246date:2013-10-21T00:00:00
db:JVNDBid:JVNDB-2013-004830date:2013-10-23T00:00:00
db:CNNVDid:CNNVD-201310-509date:2013-10-23T00:00:00
db:NVDid:CVE-2013-5550date:2013-10-22T11:17:15.513