Details of VAR-201310-0546

ID

VAR-201310-0546

CVE

CVE-2013-5509

TITLE

Cisco Adaptive Security Appliance Software SSL Vulnerabilities that prevent authentication from being implemented

Trust: 0.8

sources: JVNDB: JVNDB-2013-004644

DESCRIPTION

The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0 before 9.0(2.6) and 9.1 before 9.1(2) allows remote attackers to bypass authentication, and obtain VPN access or administrative access, via a crafted X.509 client certificate, aka Bug ID CSCuf52468. Successfully exploiting this issue will allow attackers to bypass the certificate authentication and gain unauthorized access to the affected device. This issue is tracked by Cisco Bug ID CSCuf52468

Trust: 1.98

sources: NVD: CVE-2013-5509 // JVNDB: JVNDB-2013-004644 // BID: 62911 // VULHUB: VHN-65511

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.0(2.6)1	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.1(2)	Trust: 0.8

sources: JVNDB: JVNDB-2013-004644 // CNNVD: CNNVD-201310-237 // NVD: CVE-2013-5509

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5509
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5509
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201310-237
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-65511
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5509
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65511
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65511 // JVNDB: JVNDB-2013-004644 // CNNVD: CNNVD-201310-237 // NVD: CVE-2013-5509

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-65511 // JVNDB: JVNDB-2013-004644 // NVD: CVE-2013-5509

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-237

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-237

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004644

PATCH

title:	cisco-sa-20131009-asa	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa	Trust: 0.8
title:	Digital Certificate Authentication Bypass Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5509	Trust: 0.8
title:	31101	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31101	Trust: 0.8
title:	cisco-sa-20131009-asa	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119989_cisco-sa-20131009-asa-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-004644

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5509	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004644	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-237	Trust: 0.7
db:	CISCO	id:	20131009 MULTIPLE VULNERABILITIES IN CISCO ASA SOFTWARE	Trust: 0.6
db:	BID	id:	62911	Trust: 0.4
db:	VULHUB	id:	VHN-65511	Trust: 0.1

sources: VULHUB: VHN-65511 // BID: 62911 // JVNDB: JVNDB-2013-004644 // CNNVD: CNNVD-201310-237 // NVD: CVE-2013-5509

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131009-asa	Trust: 2.0
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5509	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5509	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5509	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps6120/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-65511 // BID: 62911 // JVNDB: JVNDB-2013-004644 // CNNVD: CNNVD-201310-237 // NVD: CVE-2013-5509

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62911

SOURCES

db:	VULHUB	id:	VHN-65511
db:	BID	id:	62911
db:	JVNDB	id:	JVNDB-2013-004644
db:	CNNVD	id:	CNNVD-201310-237
db:	NVD	id:	CVE-2013-5509

LAST UPDATE DATE

2024-11-23T21:45:31.078000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65511	date:	2016-11-01T00:00:00
db:	BID	id:	62911	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004644	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201310-237	date:	2013-11-01T00:00:00
db:	NVD	id:	CVE-2013-5509	date:	2024-11-21T01:57:36.760

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65511	date:	2013-10-13T00:00:00
db:	BID	id:	62911	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004644	date:	2013-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201310-237	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2013-5509	date:	2013-10-13T10:20:04.287