Sign-up

ID

VAR-201312-0454


CVE

CVE-2013-6705


TITLE

Cisco IOS and IOS XE of IP Device Tracking Service disruption in functionality (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-005346

DESCRIPTION

The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The vulnerability is due to IPDT AVL corruption. Sending a special ARP packet to the affected device can trigger the vulnerability and overload the device. Cisco IOS and IOS XE Software are prone to a remote denial-of-service vulnerability. Successful exploits may allow attackers to cause the device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuh38133

Trust: 2.52

sources: NVD: CVE-2013-6705 // JVNDB: JVNDB-2013-005346 // CNVD: CNVD-2013-14871 // BID: 64063 // VULHUB: VHN-66707

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-14871

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:iosscope: - version: -

Trust: 1.4

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2013-14871 // JVNDB: JVNDB-2013-005346 // CNNVD: CNNVD-201312-051 // NVD: CVE-2013-6705

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6705
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6705
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-14871
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201312-051
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66707
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6705
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-14871
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-66707
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-14871 // VULHUB: VHN-66707 // JVNDB: JVNDB-2013-005346 // CNNVD: CNNVD-201312-051 // NVD: CVE-2013-6705

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-66707 // JVNDB: JVNDB-2013-005346 // NVD: CVE-2013-6705

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201312-051

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-051

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005346

PATCH
title:Cisco IOS Software IP Device Tracking Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6705
Trust: 0.8
title:Patch for Cisco IOS Software IP Device tracking Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/41432
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-14871 // 
            
            
            
            JVNDB: JVNDB-2013-005346

EXTERNAL IDS
db:NVDid:CVE-2013-6705
Trust: 3.4
db:SECTRACKid:1029423
Trust: 1.1
db:BIDid:64063
Trust: 1.0
db:JVNDBid:JVNDB-2013-005346
Trust: 0.8
db:CNNVDid:CNNVD-201312-051
Trust: 0.7
db:CNVDid:CNVD-2013-14871
Trust: 0.6
db:CISCOid:20131203 CISCO IOS SOFTWARE IP DEVICE TRACKING DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-66707
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-14871 // 
            
            
            
            VULHUB: VHN-66707 // 
            
            
            
            BID: 64063 // 
            
            
            
            JVNDB: JVNDB-2013-005346 // 
            
            
            
            CNNVD: CNNVD-201312-051 // 
            
            
            
            NVD: CVE-2013-6705

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6705
Trust: 2.3
url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscuh38133
Trust: 1.2
url:http://www.securitytracker.com/id/1029423
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6705
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6705
Trust: 0.8
url:http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html
Trust: 0.3
url:www.cisco.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-14871 // 
            
            
            
            VULHUB: VHN-66707 // 
            
            
            
            BID: 64063 // 
            
            
            
            JVNDB: JVNDB-2013-005346 // 
            
            
            
            CNNVD: CNNVD-201312-051 // 
            
            
            
            NVD: CVE-2013-6705

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 64063

SOURCES
db:CNVDid:CNVD-2013-14871
db:VULHUBid:VHN-66707
db:BIDid:64063
db:JVNDBid:JVNDB-2013-005346
db:CNNVDid:CNNVD-201312-051
db:NVDid:CVE-2013-6705

LAST UPDATE DATE
2024-11-23T22:49:32.892000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-14871date:2013-12-05T00:00:00
db:VULHUBid:VHN-66707date:2016-09-15T00:00:00
db:BIDid:64063date:2013-12-10T00:57:00
db:JVNDBid:JVNDB-2013-005346date:2013-12-04T00:00:00
db:CNNVDid:CNNVD-201312-051date:2013-12-05T00:00:00
db:NVDid:CVE-2013-6705date:2024-11-21T01:59:35.210

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-14871date:2013-12-05T00:00:00
db:VULHUBid:VHN-66707date:2013-12-03T00:00:00
db:BIDid:64063date:2013-12-03T00:00:00
db:JVNDBid:JVNDB-2013-005346date:2013-12-04T00:00:00
db:CNNVDid:CNNVD-201312-051date:2013-12-05T00:00:00
db:NVDid:CVE-2013-6705date:2013-12-03T19:56:32.390