Details of VAR-201312-0455

ID

VAR-201312-0455

CVE

CVE-2013-6707

TITLE

Cisco Adaptive Security Appliance Service disruption in software connection manager implementation (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-005387

DESCRIPTION

Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol management outage) by making multiple management session requests, aka Bug ID CSCug33233. Vendors have confirmed this vulnerability Bug CSCug33233 It is released as.A third party generates multiple management session requests, which disrupts service operation. ( Stop multi-protocol management ) There is a possibility of being put into a state. Cisco Adaptive Security Appliance (ASA) is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause an affected device to become unresponsive, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCug33233

Trust: 1.98

sources: NVD: CVE-2013-6707 // JVNDB: JVNDB-2013-005387 // BID: 64148 // VULHUB: VHN-66709

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	9.1\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	9.1(.3)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1\(2\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1\(3\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0\(3\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3\(6\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0\(1\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1\(1\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0\(2\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1\(1.7\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.14	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.13	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.11	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.56	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.49	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.45	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.43	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.41	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.39	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.38	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.28	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.13	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.2.10	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.12	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.10	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.18	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.17	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.14	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1.11	Trust: 0.3

sources: BID: 64148 // JVNDB: JVNDB-2013-005387 // CNNVD: CNNVD-201312-101 // NVD: CVE-2013-6707

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6707
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6707
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201312-101
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66709
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6707
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66709
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66709 // JVNDB: JVNDB-2013-005387 // CNNVD: CNNVD-201312-101 // NVD: CVE-2013-6707

PROBLEMTYPE DATA

problemtype:	CWE-772	Trust: 1.0
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-66709 // JVNDB: JVNDB-2013-005387 // NVD: CVE-2013-6707

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-101

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201312-101

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005387

PATCH

title:	Cisco ASA Management Connections Denial of Service	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6707	Trust: 0.8
title:	32065	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32065	Trust: 0.8
title:	Cisco ASA connection-manager Repair measures for memory leaks	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193760	Trust: 0.6

sources: JVNDB: JVNDB-2013-005387 // CNNVD: CNNVD-201312-101

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6707	Trust: 2.8
db:	BID	id:	64148	Trust: 2.0
db:	SECTRACK	id:	1029441	Trust: 1.7
db:	OSVDB	id:	100682	Trust: 1.7
db:	JVNDB	id:	JVNDB-2013-005387	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-101	Trust: 0.7
db:	VULHUB	id:	VHN-66709	Trust: 0.1

sources: VULHUB: VHN-66709 // BID: 64148 // JVNDB: JVNDB-2013-005387 // CNNVD: CNNVD-201312-101 // NVD: CVE-2013-6707

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32065	Trust: 2.0
url:	http://www.securityfocus.com/bid/64148	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6707	Trust: 1.7
url:	http://osvdb.org/100682	Trust: 1.7
url:	http://www.securitytracker.com/id/1029441	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/89442	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6707	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6707	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-66709 // BID: 64148 // JVNDB: JVNDB-2013-005387 // CNNVD: CNNVD-201312-101 // NVD: CVE-2013-6707

CREDITS

Cisco

Trust: 0.3

sources: BID: 64148

SOURCES

db:	VULHUB	id:	VHN-66709
db:	BID	id:	64148
db:	JVNDB	id:	JVNDB-2013-005387
db:	CNNVD	id:	CNNVD-201312-101
db:	NVD	id:	CVE-2013-6707

LAST UPDATE DATE

2024-11-23T22:42:38.890000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66709	date:	2017-08-29T00:00:00
db:	BID	id:	64148	date:	2013-12-06T00:00:00
db:	JVNDB	id:	JVNDB-2013-005387	date:	2013-12-10T00:00:00
db:	CNNVD	id:	CNNVD-201312-101	date:	2022-05-24T00:00:00
db:	NVD	id:	CVE-2013-6707	date:	2024-11-21T01:59:35.443

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66709	date:	2013-12-07T00:00:00
db:	BID	id:	64148	date:	2013-12-06T00:00:00
db:	JVNDB	id:	JVNDB-2013-005387	date:	2013-12-10T00:00:00
db:	CNNVD	id:	CNNVD-201312-101	date:	2013-12-11T00:00:00
db:	NVD	id:	CVE-2013-6707	date:	2013-12-07T05:33:32.333