Sign-up

ID

VAR-201312-0452


CVE

CVE-2013-6703


TITLE

Cisco ONS 15454 Controller card TLS/SSLv3 Service disruption in modules (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-005344

DESCRIPTION

The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote attackers to cause a denial of service (card reset) via crafted (1) TLS or (2) SSLv3 packets, aka Bug ID CSCuh34787. An attacker can exploit this issue to cause the control card to reset, denying service to legitimate users. This issue is being tracked by Cisco bug ID CSCuh34787. Cisco ONS 15454 is a set of optical network multi-service transmission platform of American Cisco (Cisco). The platform leverages optical transport technologies such as Resilient Packet Ring (RPR), SDH, and DWDM/CWDM to integrate Ethernet, IP, storage, and TDM services to deliver next-generation voice, data services, and more. Controller Cards is one of the control cards. The vulnerability is caused by the program not properly filtering TLS/SSLv3 packets

Trust: 1.98

sources: NVD: CVE-2013-6703 // JVNDB: JVNDB-2013-005344 // BID: 64065 // VULHUB: VHN-66705

AFFECTED PRODUCTS

vendor:ciscomodel:ons 15454scope: - version: -

Trust: 1.4

vendor:ciscomodel:ons 15454scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:ons system softwarescope:eqversion:154549.8

Trust: 0.3

sources: BID: 64065 // JVNDB: JVNDB-2013-005344 // CNNVD: CNNVD-201312-049 // NVD: CVE-2013-6703

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6703
value: HIGH

Trust: 1.0

NVD: CVE-2013-6703
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201312-049
value: HIGH

Trust: 0.6

VULHUB: VHN-66705
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6703
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66705
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66705 // JVNDB: JVNDB-2013-005344 // CNNVD: CNNVD-201312-049 // NVD: CVE-2013-6703

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-66705 // JVNDB: JVNDB-2013-005344 // NVD: CVE-2013-6703

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-049

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-049

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005344

PATCH
title:Cisco ONS 15454 Controller Card Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6703
Trust: 0.8
title:32000url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32000
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005344

EXTERNAL IDS
db:NVDid:CVE-2013-6703
Trust: 2.8
db:SECTRACKid:1029422
Trust: 1.1
db:JVNDBid:JVNDB-2013-005344
Trust: 0.8
db:CNNVDid:CNNVD-201312-049
Trust: 0.7
db:CISCOid:20131203 CISCO ONS 15454 CONTROLLER CARD DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:BIDid:64065
Trust: 0.4
db:VULHUBid:VHN-66705
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66705 // 
            
            
            
            BID: 64065 // 
            
            
            
            JVNDB: JVNDB-2013-005344 // 
            
            
            
            CNNVD: CNNVD-201312-049 // 
            
            
            
            NVD: CVE-2013-6703

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6703
Trust: 2.0
url:http://www.securitytracker.com/id/1029422
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6703
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6703
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=32000
Trust: 0.3
url:http://www.cisco.com/en/us/prod/collateral/optical/ps5724/ps2006/data_sheet_c78-602903.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-66705 // 
            
            
            
            BID: 64065 // 
            
            
            
            JVNDB: JVNDB-2013-005344 // 
            
            
            
            CNNVD: CNNVD-201312-049 // 
            
            
            
            NVD: CVE-2013-6703

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 64065

SOURCES
db:VULHUBid:VHN-66705
db:BIDid:64065
db:JVNDBid:JVNDB-2013-005344
db:CNNVDid:CNNVD-201312-049
db:NVDid:CVE-2013-6703

LAST UPDATE DATE
2024-11-23T22:13:50.492000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66705date:2016-09-15T00:00:00
db:BIDid:64065date:2013-12-03T00:00:00
db:JVNDBid:JVNDB-2013-005344date:2013-12-04T00:00:00
db:CNNVDid:CNNVD-201312-049date:2013-12-05T00:00:00
db:NVDid:CVE-2013-6703date:2024-11-21T01:59:34.987

SOURCES RELEASE DATE
db:VULHUBid:VHN-66705date:2013-12-03T00:00:00
db:BIDid:64065date:2013-12-03T00:00:00
db:JVNDBid:JVNDB-2013-005344date:2013-12-04T00:00:00
db:CNNVDid:CNNVD-201312-049date:2013-12-05T00:00:00
db:NVDid:CVE-2013-6703date:2013-12-03T19:56:32.280