ID

VAR-201312-0453


CVE

CVE-2013-6704


TITLE

Denial of Service (DoS) Vulnerability in Cisco IOS XE

Trust: 0.8

sources: JVNDB: JVNDB-2013-005345

DESCRIPTION

Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686. Cisco IOS is the internetwork operating system used on most Cisco Systems routers and network switches. A denial of service vulnerability exists in Cisco IOS XE Software. An attacker can exploit the vulnerability to consume excess memory and cause the device to crash, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCuh09324 and CSCty42686. The vulnerability is caused by the program not properly freeing memory

Trust: 2.52

sources: NVD: CVE-2013-6704 // JVNDB: JVNDB-2013-005345 // CNVD: CNVD-2014-00054 // BID: 64062 // VULHUB: VHN-66706

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00054

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: ios xe, scope: lte, version: 3.4sg(.2)

Trust: 0.8

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.6

vendor: cisco, model: ios xe software 3.4sg.2, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe software 3.4sg.0, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe software 3.3xo.0, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe software 3.3sg.2, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe software 3.2xo.0, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe software 3.2sg.5, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe software 3.2sg.4, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe software 3.2sg.3, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe software 3.2sg.2, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe software 3.2se.1, scope: -, version: -

Trust: 0.3

sources: CNVD: CNVD-2014-00054 // BID: 64062 // JVNDB: JVNDB-2013-005345 // CNNVD: CNNVD-201312-050 // NVD: CVE-2013-6704

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6704
value: HIGH

Trust: 1.0

NVD: CVE-2013-6704
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-00054
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201312-050
value: HIGH

Trust: 0.6

VULHUB: VHN-66706
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6704
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00054
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-66706
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00054 // VULHUB: VHN-66706 // JVNDB: JVNDB-2013-005345 // CNNVD: CNNVD-201312-050 // NVD: CVE-2013-6704

PROBLEMTYPE DATA

problemtype: CWE-399

Trust: 1.9

sources: VULHUB: VHN-66706 // JVNDB: JVNDB-2013-005345 // NVD: CVE-2013-6704

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-050

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201312-050

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005345

PATCH

title: Cisco IOS XE Software TFTP Denial of Service Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6704

Trust: 0.8

title: 32002, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=32002

Trust: 0.8

title: Patch for Cisco IOS XE Software TFTP Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/42136

Trust: 0.6

sources: CNVD: CNVD-2014-00054 // JVNDB: JVNDB-2013-005345

EXTERNAL IDS

db: NVD, id: CVE-2013-6704

Trust: 3.4

db: SECTRACK, id: 1029424

Trust: 1.1

db: BID, id: 64062

Trust: 1.0

db: JVNDB, id: JVNDB-2013-005345

Trust: 0.8

db: CNNVD, id: CNNVD-201312-050

Trust: 0.7

db: CNVD, id: CNVD-2014-00054

Trust: 0.6

db: CISCO, id: 20131203 CISCO IOS XE SOFTWARE TFTP DENIAL OF SERVICE VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-66706

Trust: 0.1

sources: CNVD: CNVD-2014-00054 // VULHUB: VHN-66706 // BID: 64062 // JVNDB: JVNDB-2013-005345 // CNNVD: CNNVD-201312-050 // NVD: CVE-2013-6704

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6704

Trust: 2.6

url: http://www.securitytracker.com/id/1029424

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6704

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6704

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: https://tools.cisco.com/bugsearch/bug/cscuj03174

Trust: 0.3

sources: CNVD: CNVD-2014-00054 // VULHUB: VHN-66706 // BID: 64062 // JVNDB: JVNDB-2013-005345 // CNNVD: CNNVD-201312-050 // NVD: CVE-2013-6704

CREDITS

Cisco

Trust: 0.3

sources: BID: 64062

SOURCES

db: CNVD, id: CNVD-2014-00054
db: VULHUB, id: VHN-66706
db: BID, id: 64062
db: JVNDB, id: JVNDB-2013-005345
db: CNNVD, id: CNNVD-201312-050
db: NVD, id: CVE-2013-6704

LAST UPDATE DATE

2024-11-23T22:35:18.100000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-00054, date: 2014-01-06T00:00:00
db: VULHUB, id: VHN-66706, date: 2016-09-15T00:00:00
db: BID, id: 64062, date: 2013-12-03T00:00:00
db: JVNDB, id: JVNDB-2013-005345, date: 2013-12-04T00:00:00
db: CNNVD, id: CNNVD-201312-050, date: 2013-12-05T00:00:00
db: NVD, id: CVE-2013-6704, date: 2024-11-21T01:59:35.103

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-00054, date: 2014-01-06T00:00:00
db: VULHUB, id: VHN-66706, date: 2013-12-03T00:00:00
db: BID, id: 64062, date: 2013-12-03T00:00:00
db: JVNDB, id: JVNDB-2013-005345, date: 2013-12-04T00:00:00
db: CNNVD, id: CNNVD-201312-050, date: 2013-12-05T00:00:00
db: NVD, id: CVE-2013-6704, date: 2013-12-03T19:56:32.327