ID

VAR-201311-0292


CVE

CVE-2013-5551


TITLE

Cisco Adaptive Security Appliance Service disruption in software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004969

DESCRIPTION

Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access options are enabled, allows remote authenticated users to cause a denial of service (stack overflow and device reload) by using the clientless SSL VPN portal for internal-resource browsing, aka Bug ID CSCui51199. Attackers can exploit this issue to cause an affected system to reload, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCui51199. A denial of service vulnerability exists in the SSL VPN functionality in Cisco ASA. When configured with the same-security-traffic and management-access options, a remote attacker can exploit this vulnerability by sending a specially crafted URL to cause denial of service (stack buffer overflow and device restart)

Trust: 1.98

sources: NVD: CVE-2013-5551 // JVNDB: JVNDB-2013-004969 // BID: 63406 // VULHUB: VHN-65553

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:adaptive security appliancescope:eqversion:(asa)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:lteversion:9.1.3

Trust: 0.8

sources: JVNDB: JVNDB-2013-004969 // CNNVD: CNNVD-201310-752 // NVD: CVE-2013-5551

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5551
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5551
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-752
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65553
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5551
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65553
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65553 // JVNDB: JVNDB-2013-004969 // CNNVD: CNNVD-201310-752 // NVD: CVE-2013-5551

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-65553 // JVNDB: JVNDB-2013-004969 // NVD: CVE-2013-5551

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-752

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201310-752

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004969

PATCH

title:Cisco ASA Clientless SSL VPN Rewriter Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5551

Trust: 0.8

title:31546url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31546

Trust: 0.8

sources: JVNDB: JVNDB-2013-004969

EXTERNAL IDS

db:NVDid:CVE-2013-5551

Trust: 2.8

db:BIDid:63406

Trust: 1.0

db:JVNDBid:JVNDB-2013-004969

Trust: 0.8

db:CNNVDid:CNNVD-201310-752

Trust: 0.7

db:NSFOCUSid:25128

Trust: 0.6

db:CISCOid:20131029 CISCO ASA CLIENTLESS SSL VPN REWRITER DENIAL OF SERVICE VULNERABILITY

Trust: 0.6

db:VULHUBid:VHN-65553

Trust: 0.1

sources: VULHUB: VHN-65553 // BID: 63406 // JVNDB: JVNDB-2013-004969 // CNNVD: CNNVD-201310-752 // NVD: CVE-2013-5551

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5551

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5551

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5551

Trust: 0.8

url:http://www.securityfocus.com/bid/63406

Trust: 0.6

url:http://www.nsfocus.net/vulndb/25128

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-65553 // BID: 63406 // JVNDB: JVNDB-2013-004969 // CNNVD: CNNVD-201310-752 // NVD: CVE-2013-5551

CREDITS

Cisco

Trust: 0.9

sources: BID: 63406 // CNNVD: CNNVD-201310-752

SOURCES

db:VULHUBid:VHN-65553
db:BIDid:63406
db:JVNDBid:JVNDB-2013-004969
db:CNNVDid:CNNVD-201310-752
db:NVDid:CVE-2013-5551

LAST UPDATE DATE

2024-11-23T22:13:50.924000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-65553date:2013-11-05T00:00:00
db:BIDid:63406date:2013-11-01T00:32:00
db:JVNDBid:JVNDB-2013-004969date:2013-11-05T00:00:00
db:CNNVDid:CNNVD-201310-752date:2013-11-01T00:00:00
db:NVDid:CVE-2013-5551date:2024-11-21T01:57:41.283

SOURCES RELEASE DATE

db:VULHUBid:VHN-65553date:2013-11-01T00:00:00
db:BIDid:63406date:2013-10-29T00:00:00
db:JVNDBid:JVNDB-2013-004969date:2013-11-05T00:00:00
db:CNNVDid:CNNVD-201310-752date:2013-10-29T00:00:00
db:NVDid:CVE-2013-5551date:2013-11-01T02:55:05.010