Details of VAR-201310-0541

ID

VAR-201310-0541

CVE

CVE-2013-5515

TITLE

Cisco Adaptive Security Appliance Software Clientless SSL VPN Service disruption in functionality (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004649

DESCRIPTION

The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.7), 8.6.x before 8.6(1.12), 9.0.x before 9.0(2.6), and 9.1.x before 9.1(1.7) allows remote attackers to cause a denial of service (device reload) via crafted HTTPS requests, aka Bug ID CSCua22709. Vendors have confirmed this vulnerability Bug ID CSCua22709 It is released as.Skillfully crafted by a third party HTTPS Service disruption via request ( Device reload ) There is a possibility of being put into a state. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCua22709. The following versions are affected: Cisco Adaptive Security Appliance Software 8.x prior to 8.2(5.44), 8.3.x prior to 8.3(2.39), 8.4.x prior to 8.4(5.7), 8.6 prior to 8.6(1.12) .x version, 9.0.x version before 9.0(2.6), 9.1.x version before 9.1(1.7)

Trust: 2.07

sources: NVD: CVE-2013-5515 // JVNDB: JVNDB-2013-004649 // BID: 62919 // VULHUB: VHN-65517 // VULMON: CVE-2013-5515

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(4\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(4.1\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(5\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(1\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(5.35\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(5.38\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(4.4\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(3\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(3.9\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(5.31\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(1.11\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(2.37\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(2.34\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(2.11\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6\(1.10\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(4.11\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(5.28\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(1.7)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3(2.39)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.6.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.4.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2(5.44)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.0.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6(1.12)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(2.6)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.1.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(5.7)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.3.x	Trust: 0.8

sources: JVNDB: JVNDB-2013-004649 // CNNVD: CNNVD-201310-242 // NVD: CVE-2013-5515

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5515
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5515
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201310-242
value:	HIGH
Trust: 0.6
VULHUB:	VHN-65517
value:	HIGH
Trust: 0.1
VULMON:	CVE-2013-5515
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5515
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-65517
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65517 // VULMON: CVE-2013-5515 // JVNDB: JVNDB-2013-004649 // CNNVD: CNNVD-201310-242 // NVD: CVE-2013-5515

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-65517 // JVNDB: JVNDB-2013-004649 // NVD: CVE-2013-5515

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-242

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201310-242

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004649

PATCH

title:	cisco-sa-20131009-asa	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa	Trust: 0.8
title:	SSL VPN Web Portal Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5515	Trust: 0.8
title:	31107	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31107	Trust: 0.8
title:	cisco-sa-20131009-asa	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119989_cisco-sa-20131009-asa-j.html	Trust: 0.8
title:	Cisco: Multiple Vulnerabilities in Cisco ASA Software	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20131009-asa	Trust: 0.1

sources: VULMON: CVE-2013-5515 // JVNDB: JVNDB-2013-004649

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5515	Trust: 2.9
db:	JVNDB	id:	JVNDB-2013-004649	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-242	Trust: 0.7
db:	CISCO	id:	20131009 MULTIPLE VULNERABILITIES IN CISCO ASA SOFTWARE	Trust: 0.6
db:	BID	id:	62919	Trust: 0.4
db:	VULHUB	id:	VHN-65517	Trust: 0.1
db:	VULMON	id:	CVE-2013-5515	Trust: 0.1

sources: VULHUB: VHN-65517 // VULMON: CVE-2013-5515 // BID: 62919 // JVNDB: JVNDB-2013-004649 // CNNVD: CNNVD-201310-242 // NVD: CVE-2013-5515

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131009-asa	Trust: 1.8
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5515	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5515	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5515	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=31107	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-65517 // VULMON: CVE-2013-5515 // BID: 62919 // JVNDB: JVNDB-2013-004649 // CNNVD: CNNVD-201310-242 // NVD: CVE-2013-5515

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62919

SOURCES

db:	VULHUB	id:	VHN-65517
db:	VULMON	id:	CVE-2013-5515
db:	BID	id:	62919
db:	JVNDB	id:	JVNDB-2013-004649
db:	CNNVD	id:	CNNVD-201310-242
db:	NVD	id:	CVE-2013-5515

LAST UPDATE DATE

2024-11-23T21:45:30.917000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65517	date:	2016-11-01T00:00:00
db:	VULMON	id:	CVE-2013-5515	date:	2016-11-01T00:00:00
db:	BID	id:	62919	date:	2013-12-17T03:07:00
db:	JVNDB	id:	JVNDB-2013-004649	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201310-242	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2013-5515	date:	2024-11-21T01:57:37.407

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65517	date:	2013-10-13T00:00:00
db:	VULMON	id:	CVE-2013-5515	date:	2013-10-13T00:00:00
db:	BID	id:	62919	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004649	date:	2013-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201310-242	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2013-5515	date:	2013-10-13T10:20:04.380