Details of VAR-201312-0450

ID

VAR-201312-0450

CVE

CVE-2013-6701

TITLE

Cisco ONS 15454 Runs on the device Transport Node Controller of tNetTaskLimit Service disruption in the process (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-005623

DESCRIPTION

The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to cause a denial of service (watchdog timeout and TNC reset) via a flood of network traffic, aka Bug ID CSCud97155. Vendors have confirmed this vulnerability Bug ID CSCud97155 It is released as.Service disruption by a third party through a large amount of network traffic (watchdog Timeout and TNC reset ) There is a possibility of being put into a state. Cisco ONS 15454 Transport Node Controller is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload due to a watchdog timeout, denying service to legitimate users. This issue is being tracked by Cisco bug ID CSCud97155. Cisco ONS 15454 is a set of optical network multi-service transmission platform of American Cisco (Cisco). The platform provides the industry standard for metro and regional dense wavelength division multiplexing (DWDM) solutions

Trust: 1.98

sources: NVD: CVE-2013-6701 // JVNDB: JVNDB-2013-005623 // BID: 64397 // VULHUB: VHN-66703

AFFECTED PRODUCTS

vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.6	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.4	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.2.1	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.2.2	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.3	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.1	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.2	Trust: 1.6
vendor:	cisco	model:	ons 15454 mspp	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	ons 15454 mstp	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	ons 15454 mstp	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ons 15454e optical transport platform	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ons 15454 multiservice transport platform	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ons 15454 sdh multiservice provisioning platform	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ons 15454	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ons 15454 sonet multiservice provisioning platform	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ons 15454 mspp	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.0	Trust: 1.0
vendor:	cisco	model:	ons 15454	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ons 15454 multiservice transport platform	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ons 15454 sdh multiservice provisioning platform	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ons 15454 sonet multiservice provisioning platform	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ons 15454 system software	scope:	lte	version:	9.6	Trust: 0.8
vendor:	cisco	model:	ons 15454e optical transport platform	scope:	-	version:	-	Trust: 0.6

sources: JVNDB: JVNDB-2013-005623 // CNNVD: CNNVD-201312-390 // NVD: CVE-2013-6701

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6701
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6701
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201312-390
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66703
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6701
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66703
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66703 // JVNDB: JVNDB-2013-005623 // CNNVD: CNNVD-201312-390 // NVD: CVE-2013-6701

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-66703 // JVNDB: JVNDB-2013-005623 // NVD: CVE-2013-6701

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-390

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-390

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005623

PATCH

title:	Cisco ONS 15454 Transport Node Controller Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6701	Trust: 0.8
title:	32200	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32200	Trust: 0.8

sources: JVNDB: JVNDB-2013-005623

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6701	Trust: 2.8
db:	SECTRACK	id:	1029512	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-005623	Trust: 0.8
db:	CISCO	id:	20131217 CISCO ONS 15454 TRANSPORT NODE CONTROLLER DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-201312-390	Trust: 0.6
db:	BID	id:	64397	Trust: 0.4
db:	VULHUB	id:	VHN-66703	Trust: 0.1

sources: VULHUB: VHN-66703 // BID: 64397 // JVNDB: JVNDB-2013-005623 // CNNVD: CNNVD-201312-390 // NVD: CVE-2013-6701

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6701	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32200	Trust: 1.7
url:	http://www.securitytracker.com/id/1029512	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6701	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6701	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-66703 // BID: 64397 // JVNDB: JVNDB-2013-005623 // CNNVD: CNNVD-201312-390 // NVD: CVE-2013-6701

CREDITS

Cisco

Trust: 0.3

sources: BID: 64397

SOURCES

db:	VULHUB	id:	VHN-66703
db:	BID	id:	64397
db:	JVNDB	id:	JVNDB-2013-005623
db:	CNNVD	id:	CNNVD-201312-390
db:	NVD	id:	CVE-2013-6701

LAST UPDATE DATE

2024-11-23T22:08:27.820000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66703	date:	2016-09-15T00:00:00
db:	BID	id:	64397	date:	2013-12-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-005623	date:	2013-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201312-390	date:	2013-12-23T00:00:00
db:	NVD	id:	CVE-2013-6701	date:	2024-11-21T01:59:34.770

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66703	date:	2013-12-18T00:00:00
db:	BID	id:	64397	date:	2013-12-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-005623	date:	2013-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201312-390	date:	2013-12-23T00:00:00
db:	NVD	id:	CVE-2013-6701	date:	2013-12-18T16:04:34.350