ID
VAR-201311-0299
CVE
CVE-2013-5559
TITLE
Cisco AnyConnect Secure Mobility Client of VPNAPI COM Module buffer overflow vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2013-005010
DESCRIPTION
Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139. Vendors have confirmed this vulnerability Bug ID CSCuj58139 It is released as.Crafted by attackers HTML Arbitrary code may be executed through the documentation. Attackers can exploit this issue to execute arbitrary commands with elevated privileges. Failed exploit attempts will result in denial-of-service conditions. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed. This issue is being tracked by Cisco Bug ID CSCuj58139. Cisco AnyConnect Secure Mobility Client is a Cisco (Cisco) secure mobile client that can securely access networks and applications through any device
Trust: 1.98
sources:
NVD: CVE-2013-5559 //
JVNDB: JVNDB-2013-005010 //
BID: 63491 //
VULHUB: VHN-65561
AFFECTED PRODUCTS
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.2019 | Trust: 1.9 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.3054 | Trust: 1.9 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.5130 | Trust: 1.9 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.5131 | Trust: 1.9 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.5112 | Trust: 1.9 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.3055 | Trust: 1.9 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.5116 | Trust: 1.9 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.5125 | Trust: 1.9 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.5118 | Trust: 1.9 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.6005 | Trust: 1.9 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.3046 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.4 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.3051 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.4.4004 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.2014 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.4.5004 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.4.1012 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.4.4014 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.1025 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.2.128 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.2.133 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.4.7073 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.3 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.2 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.2011 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.2.136 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.3041 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.1 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.2010 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.2.140 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.2006 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.2017 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.2001 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.3.185 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.3.2016 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.3.254 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.2018 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.4.7030 | Trust: 1.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.0 | Trust: 1.0 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.4.0202 | Trust: 1.0 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.0217 | Trust: 1.0 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.x | Trust: 0.8 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.0.5080 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.1.495 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.0 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.0.4235 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.0.7059 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.0.8057 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.1 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client mr8 | scope: | ne | version: | 3.0 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.5.217 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client mr6 | scope: | eq | version: | 2.5 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.0.2052 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.2 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.0.3050 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.0.3054 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 2.4.202 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.0.8066 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.0.5075 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.0.1047 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3.0.629 | Trust: 0.3 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | ne | version: | 3 | Trust: 0.3 |
sources:
BID: 63491 //
JVNDB: JVNDB-2013-005010 //
CNNVD: CNNVD-201311-027 //
NVD: CVE-2013-5559
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
VULHUB: VHN-65561 //
JVNDB: JVNDB-2013-005010 //
CNNVD: CNNVD-201311-027 //
NVD: CVE-2013-5559
PROBLEMTYPE DATA
| problemtype: | CWE-119 | Trust: 1.9 |
sources:
VULHUB: VHN-65561 //
JVNDB: JVNDB-2013-005010 //
NVD: CVE-2013-5559
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201311-027
TYPE
buffer overflow
Trust: 0.6
sources:
CNNVD: CNNVD-201311-027
CONFIGURATIONS
sources:
JVNDB: JVNDB-2013-005010
PATCH
| title: | Cisco AnyConnect VPNAPI COM Buffer Overflow Vulnerability | url: | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5559 | Trust: 0.8 |
| title: | 31606 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=31606 | Trust: 0.8 |
sources:
JVNDB: JVNDB-2013-005010
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-5559 | Trust: 2.8 |
| db: | JVNDB | id: | JVNDB-2013-005010 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201311-027 | Trust: 0.7 |
| db: | CISCO | id: | 20131101 CISCO ANYCONNECT VPNAPI COM BUFFER OVERFLOW VULNERABILITY | Trust: 0.6 |
| db: | BID | id: | 63491 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-65561 | Trust: 0.1 |
sources:
VULHUB: VHN-65561 //
BID: 63491 //
JVNDB: JVNDB-2013-005010 //
CNNVD: CNNVD-201311-027 //
NVD: CVE-2013-5559
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5559 | Trust: 1.1 |
| url: | http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5559. | Trust: 0.9 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5559 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5559 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
sources:
VULHUB: VHN-65561 //
BID: 63491 //
JVNDB: JVNDB-2013-005010 //
CNNVD: CNNVD-201311-027 //
NVD: CVE-2013-5559
CREDITS
Cisco
Trust: 0.3
sources:
BID: 63491
SOURCES
| db: | VULHUB | id: | VHN-65561 |
| db: | BID | id: | 63491 |
| db: | JVNDB | id: | JVNDB-2013-005010 |
| db: | CNNVD | id: | CNNVD-201311-027 |
| db: | NVD | id: | CVE-2013-5559 |
LAST UPDATE DATE
2024-11-23T22:49:33.302000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-65561 | date: | 2016-09-21T00:00:00 |
| db: | BID | id: | 63491 | date: | 2013-11-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-005010 | date: | 2013-11-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-201311-027 | date: | 2013-11-05T00:00:00 |
| db: | NVD | id: | CVE-2013-5559 | date: | 2024-11-21T01:57:42.177 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-65561 | date: | 2013-11-04T00:00:00 |
| db: | BID | id: | 63491 | date: | 2013-11-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-005010 | date: | 2013-11-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-201311-027 | date: | 2013-11-05T00:00:00 |
| db: | NVD | id: | CVE-2013-5559 | date: | 2013-11-04T16:55:05.140 |