Sign-up

ID

VAR-201312-0451


CVE

CVE-2013-6702


TITLE

Cisco ONS 15454 Service disruption in the implementation of controller card software management (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-005355

DESCRIPTION

The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902. An attacker can exploit this issue to cause the control card to reset, denying service to legitimate users. This issue is being tracked by Cisco bug IDs CSCtz50902 and CSCuh89020. Cisco ONS 15454 is a set of optical network multi-service transmission platform of American Cisco (Cisco). The platform leverages optical transport technologies such as Resilient Packet Ring (RPR), SDH, and DWDM/CWDM to integrate Ethernet, IP, storage, and TDM services to deliver next-generation voice, data services, and more. Controller Cards is one of the control cards

Trust: 1.98

sources: NVD: CVE-2013-6702 // JVNDB: JVNDB-2013-005355 // BID: 64061 // VULHUB: VHN-66704

AFFECTED PRODUCTS

vendor:ciscomodel:ons 15454scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:ons 15454scope:lteversion:9.8

Trust: 1.0

vendor:ciscomodel:ons 15454scope: - version: -

Trust: 0.8

vendor:ciscomodel:ons 15454 system softwarescope:lteversion:9.8

Trust: 0.8

vendor:ciscomodel:ons 15454scope:eqversion:9.8

Trust: 0.6

sources: JVNDB: JVNDB-2013-005355 // CNNVD: CNNVD-201312-065 // NVD: CVE-2013-6702

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6702
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6702
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-065
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66704
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6702
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66704
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66704 // JVNDB: JVNDB-2013-005355 // CNNVD: CNNVD-201312-065 // NVD: CVE-2013-6702

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-66704 // JVNDB: JVNDB-2013-005355 // NVD: CVE-2013-6702

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-065

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-065

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005355

PATCH
title:Cisco ONS 15454 Controller Card Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6702
Trust: 0.8
title:31999url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31999
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005355

EXTERNAL IDS
db:NVDid:CVE-2013-6702
Trust: 2.8
db:SECTRACKid:1029421
Trust: 1.1
db:JVNDBid:JVNDB-2013-005355
Trust: 0.8
db:CNNVDid:CNNVD-201312-065
Trust: 0.7
db:CISCOid:20131203 CISCO ONS 15454 CONTROLLER CARD DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:BIDid:64061
Trust: 0.4
db:VULHUBid:VHN-66704
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66704 // 
            
            
            
            BID: 64061 // 
            
            
            
            JVNDB: JVNDB-2013-005355 // 
            
            
            
            CNNVD: CNNVD-201312-065 // 
            
            
            
            NVD: CVE-2013-6702

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6702
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=31999
Trust: 1.7
url:http://www.securitytracker.com/id/1029421
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6702
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6702
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-66704 // 
            
            
            
            BID: 64061 // 
            
            
            
            JVNDB: JVNDB-2013-005355 // 
            
            
            
            CNNVD: CNNVD-201312-065 // 
            
            
            
            NVD: CVE-2013-6702

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 64061

SOURCES
db:VULHUBid:VHN-66704
db:BIDid:64061
db:JVNDBid:JVNDB-2013-005355
db:CNNVDid:CNNVD-201312-065
db:NVDid:CVE-2013-6702

LAST UPDATE DATE
2024-11-23T22:13:50.462000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66704date:2016-09-15T00:00:00
db:BIDid:64061date:2013-12-11T01:17:00
db:JVNDBid:JVNDB-2013-005355date:2013-12-06T00:00:00
db:CNNVDid:CNNVD-201312-065date:2013-12-06T00:00:00
db:NVDid:CVE-2013-6702date:2024-11-21T01:59:34.880

SOURCES RELEASE DATE
db:VULHUBid:VHN-66704date:2013-12-04T00:00:00
db:BIDid:64061date:2013-12-04T00:00:00
db:JVNDBid:JVNDB-2013-005355date:2013-12-06T00:00:00
db:CNNVDid:CNNVD-201312-065date:2013-12-06T00:00:00
db:NVDid:CVE-2013-6702date:2013-12-04T18:56:56.617