Sign-up

ID

VAR-201311-0230


CVE

CVE-2013-6692


TITLE

Cisco IOS XE Denial of service in Japan (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-005223

DESCRIPTION

Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS XE is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attackers to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuh04949

Trust: 2.52

sources: NVD: CVE-2013-6692 // JVNDB: JVNDB-2013-005223 // CNVD: CNVD-2013-14682 // BID: 63855 // VULHUB: VHN-66694

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-14682

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:3.7.1s

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.7.2s

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.8s\(.0\)

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.8s\(.1\)

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.7.0s

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.8.0s

Trust: 1.6

vendor:ciscomodel:ios xescope:lteversion:3.8s\(.2\)

Trust: 1.0

vendor:ciscomodel:ios xescope:lteversion:3.8s(.2)

Trust: 0.8

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.8s\(.2\)

Trust: 0.6

sources: CNVD: CNVD-2013-14682 // JVNDB: JVNDB-2013-005223 // CNNVD: CNNVD-201311-337 // NVD: CVE-2013-6692

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6692
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6692
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-14682
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201311-337
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66694
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6692
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-14682
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-66694
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-14682 // VULHUB: VHN-66694 // JVNDB: JVNDB-2013-005223 // CNNVD: CNNVD-201311-337 // NVD: CVE-2013-6692

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-66694 // JVNDB: JVNDB-2013-005223 // NVD: CVE-2013-6692

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-337

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201311-337

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005223

PATCH
title:Cisco IOS XE AAA DHCP Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6692
Trust: 0.8
title:31860url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31860
Trust: 0.8
title:Patch for Cisco IOS XE AAA DHCP Remote Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/41263
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-14682 // 
            
            
            
            JVNDB: JVNDB-2013-005223

EXTERNAL IDS
db:NVDid:CVE-2013-6692
Trust: 3.4
db:BIDid:63855
Trust: 1.0
db:JVNDBid:JVNDB-2013-005223
Trust: 0.8
db:CNNVDid:CNNVD-201311-337
Trust: 0.7
db:CNVDid:CNVD-2013-14682
Trust: 0.6
db:NSFOCUSid:25366
Trust: 0.6
db:CISCOid:20131121 CISCO IOS XE AAA DHCP DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-66694
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-14682 // 
            
            
            
            VULHUB: VHN-66694 // 
            
            
            
            BID: 63855 // 
            
            
            
            JVNDB: JVNDB-2013-005223 // 
            
            
            
            CNNVD: CNNVD-201311-337 // 
            
            
            
            NVD: CVE-2013-6692

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6692
Trust: 2.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=31860
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6692
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6692
Trust: 0.8
url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscuh04949
Trust: 0.6
url:http://www.nsfocus.net/vulndb/25366
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-14682 // 
            
            
            
            VULHUB: VHN-66694 // 
            
            
            
            JVNDB: JVNDB-2013-005223 // 
            
            
            
            CNNVD: CNNVD-201311-337 // 
            
            
            
            NVD: CVE-2013-6692

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 63855

SOURCES
db:CNVDid:CNVD-2013-14682
db:VULHUBid:VHN-66694
db:BIDid:63855
db:JVNDBid:JVNDB-2013-005223
db:CNNVDid:CNNVD-201311-337
db:NVDid:CVE-2013-6692

LAST UPDATE DATE
2024-11-23T22:46:09.709000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-14682date:2013-11-25T00:00:00
db:VULHUBid:VHN-66694date:2013-11-22T00:00:00
db:BIDid:63855date:2013-11-22T08:57:00
db:JVNDBid:JVNDB-2013-005223date:2013-11-25T00:00:00
db:CNNVDid:CNNVD-201311-337date:2013-11-22T00:00:00
db:NVDid:CVE-2013-6692date:2024-11-21T01:59:33.900

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-14682date:2013-11-25T00:00:00
db:VULHUBid:VHN-66694date:2013-11-22T00:00:00
db:BIDid:63855date:2013-11-21T00:00:00
db:JVNDBid:JVNDB-2013-005223date:2013-11-25T00:00:00
db:CNNVDid:CNNVD-201311-337date:2013-11-22T00:00:00
db:NVDid:CVE-2013-6692date:2013-11-22T01:55:04.043