Details of VAR-201311-0236

ID

VAR-201311-0236

CVE

CVE-2013-6682

TITLE

Cisco Adaptive Security Appliance Phone Proxy Database Security Bypass Vulnerability

Trust: 0.9

sources: BID: 63624 // CNNVD: CNNVD-201311-145

DESCRIPTION

The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier does not properly validate X.509 certificates, which allows remote attackers to cause a denial of service (connection-database corruption) via an invalid entry, aka Bug ID CSCui33299. Vendors have confirmed this vulnerability Bug ID CSCui33299 It is released as.Denial of service operation by a third party via invalid entry ( Connection database corruption ) There is a possibility of being put into a state. Cisco Adaptive Security Appliance (ASA) is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions like insert an invalid entry into the phone proxy connection database. This issue is tracked by Cisco Bug ID's CSCui33299. The vulnerability stems from the fact that the phone proxy connection database does not properly handle untrusted certificates

Trust: 1.98

sources: NVD: CVE-2013-6682 // JVNDB: JVNDB-2013-005108 // BID: 63624 // VULHUB: VHN-66684

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.5	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(1\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.15\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.16\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.17\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(1.22\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.10\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5\(1.17\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1\(2.5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(8\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(5.35\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7\(1.3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1\(2.49\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(4.4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(6\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	9.0.3\(6\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(2.11\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6\(1.3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6\(1.10\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.7\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(4.11\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.4.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(6\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.19\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.1.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7\(1.1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(6.7\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(5.28\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(5.38\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(5.2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(5.31\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(4.1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(0\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1\(2.27\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(1.11\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(2.37\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(2.34\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.14\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5\(1.4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(7\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1\(2.48\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.48\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.18\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(3.9\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.8\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	(asa)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	9.0.3.6	Trust: 0.8

sources: JVNDB: JVNDB-2013-005108 // CNNVD: CNNVD-201311-145 // NVD: CVE-2013-6682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6682
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6682
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201311-145
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66684
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6682
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66684
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66684 // JVNDB: JVNDB-2013-005108 // CNNVD: CNNVD-201311-145 // NVD: CVE-2013-6682

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-66684 // JVNDB: JVNDB-2013-005108 // NVD: CVE-2013-6682

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-145

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201311-145

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005108

PATCH

title:	Cisco Adaptive Security Appliance Phone Proxy Database Entry Manipulation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6682	Trust: 0.8
title:	31692	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31692	Trust: 0.8

sources: JVNDB: JVNDB-2013-005108

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6682	Trust: 2.8
db:	BID	id:	63624	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-005108	Trust: 0.8
db:	CNNVD	id:	CNNVD-201311-145	Trust: 0.7
db:	CISCO	id:	20131108 CISCO ADAPTIVE SECURITY APPLIANCE PHONE PROXY DATABASE ENTRY MANIPULATION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-66684	Trust: 0.1

sources: VULHUB: VHN-66684 // BID: 63624 // JVNDB: JVNDB-2013-005108 // CNNVD: CNNVD-201311-145 // NVD: CVE-2013-6682

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6682	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=31692	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6682	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6682	Trust: 0.8
url:	http://www.securityfocus.com/bid/63624	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-66684 // BID: 63624 // JVNDB: JVNDB-2013-005108 // CNNVD: CNNVD-201311-145 // NVD: CVE-2013-6682

CREDITS

Cisco

Trust: 0.9

sources: BID: 63624 // CNNVD: CNNVD-201311-145

SOURCES

db:	VULHUB	id:	VHN-66684
db:	BID	id:	63624
db:	JVNDB	id:	JVNDB-2013-005108
db:	CNNVD	id:	CNNVD-201311-145
db:	NVD	id:	CVE-2013-6682

LAST UPDATE DATE

2024-11-23T22:49:33.334000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66684	date:	2013-11-14T00:00:00
db:	BID	id:	63624	date:	2013-11-13T01:03:00
db:	JVNDB	id:	JVNDB-2013-005108	date:	2013-11-15T00:00:00
db:	CNNVD	id:	CNNVD-201311-145	date:	2013-11-12T00:00:00
db:	NVD	id:	CVE-2013-6682	date:	2024-11-21T01:59:32.733

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66684	date:	2013-11-13T00:00:00
db:	BID	id:	63624	date:	2013-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2013-005108	date:	2013-11-15T00:00:00
db:	CNNVD	id:	CNNVD-201311-145	date:	2013-11-12T00:00:00
db:	NVD	id:	CVE-2013-6682	date:	2013-11-13T15:55:04.440