Sign-up

ID

VAR-201312-0287


CVE

CVE-2013-6979


TITLE

Cisco IOS XE of VTY Vulnerabilities that bypass authentication in the implementation of authentication

Trust: 0.8

sources: JVNDB: JVNDB-2013-005700

DESCRIPTION

The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS XE Software is prone to a remote authentication-bypass vulnerability. Exploiting this issue could allow an attacker to bypass certain security restrictions and perform unauthorized actions with elevated privileges on the device running the vulnerable application. This issue is tracked by Cisco Bug ID CSCuj90227. The vulnerability is caused by the program not properly validating the Linux-IOS internal network configuration

Trust: 2.52

sources: NVD: CVE-2013-6979 // JVNDB: JVNDB-2013-005700 // CNVD: CNVD-2013-15558 // BID: 64502 // VULHUB: VHN-66981

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-15558

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:03.02.xxse

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:03.03.xxse

Trust: 0.8

vendor:ciscomodel:ios xe softwarescope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2013-15558 // JVNDB: JVNDB-2013-005700 // CNNVD: CNNVD-201312-471 // NVD: CVE-2013-6979

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6979
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6979
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-15558
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201312-471
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66981
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6979
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-15558
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-66981
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-15558 // VULHUB: VHN-66981 // JVNDB: JVNDB-2013-005700 // CNNVD: CNNVD-201312-471 // NVD: CVE-2013-6979

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-66981 // JVNDB: JVNDB-2013-005700 // NVD: CVE-2013-6979

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-471

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201312-471

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005700

PATCH
title:Cisco IOS XE Software Telnet Authentication Bypass Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6979
Trust: 0.8
title:32273url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32273
Trust: 0.8
title:Cisco IOS XE telnet verifies patches that bypass vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/41992
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-15558 // 
            
            
            
            JVNDB: JVNDB-2013-005700

EXTERNAL IDS
db:NVDid:CVE-2013-6979
Trust: 3.4
db:BIDid:64502
Trust: 2.0
db:OSVDBid:101351
Trust: 1.1
db:SECTRACKid:1029537
Trust: 1.1
db:JVNDBid:JVNDB-2013-005700
Trust: 0.8
db:CNNVDid:CNNVD-201312-471
Trust: 0.7
db:CNVDid:CNVD-2013-15558
Trust: 0.6
db:CISCOid:20131223 CISCO IOS XE SOFTWARE TELNET AUTHENTICATION BYPASS VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-66981
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-15558 // 
            
            
            
            VULHUB: VHN-66981 // 
            
            
            
            BID: 64502 // 
            
            
            
            JVNDB: JVNDB-2013-005700 // 
            
            
            
            CNNVD: CNNVD-201312-471 // 
            
            
            
            NVD: CVE-2013-6979

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6979
Trust: 2.3
url:http://www.securityfocus.com/bid/64502
Trust: 1.1
url:http://osvdb.org/101351
Trust: 1.1
url:http://www.securitytracker.com/id/1029537
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/89901
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6979
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6979
Trust: 0.8
url:https://tools.cisco.com/bugsearch/bug/cscuj90227
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-15558 // 
            
            
            
            VULHUB: VHN-66981 // 
            
            
            
            BID: 64502 // 
            
            
            
            JVNDB: JVNDB-2013-005700 // 
            
            
            
            CNNVD: CNNVD-201312-471 // 
            
            
            
            NVD: CVE-2013-6979

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 64502

SOURCES
db:CNVDid:CNVD-2013-15558
db:VULHUBid:VHN-66981
db:BIDid:64502
db:JVNDBid:JVNDB-2013-005700
db:CNNVDid:CNNVD-201312-471
db:NVDid:CVE-2013-6979

LAST UPDATE DATE
2024-11-23T22:59:42.578000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-15558date:2013-12-27T00:00:00
db:VULHUBid:VHN-66981date:2017-08-29T00:00:00
db:BIDid:64502date:2013-12-23T00:00:00
db:JVNDBid:JVNDB-2013-005700date:2013-12-25T00:00:00
db:CNNVDid:CNNVD-201312-471date:2013-12-26T00:00:00
db:NVDid:CVE-2013-6979date:2024-11-21T02:00:05.923

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-15558date:2013-12-25T00:00:00
db:VULHUBid:VHN-66981date:2013-12-23T00:00:00
db:BIDid:64502date:2013-12-23T00:00:00
db:JVNDBid:JVNDB-2013-005700date:2013-12-25T00:00:00
db:CNNVDid:CNNVD-201312-471date:2013-12-26T00:00:00
db:NVDid:CVE-2013-6979date:2013-12-23T22:55:03.177