Details of VAR-201401-0162

ID

VAR-201401-0162

CVE

CVE-2013-6982

TITLE

Cisco NX-OS BGP Message Denial of Service Vulnerability

Trust: 0.9

sources: BID: 64670 // CNNVD: CNNVD-201401-066

DESCRIPTION

The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka Bug ID CSCuj03174. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. This issue is being tracked by Cisco Bug ID CSCuj03174. There is a denial of service vulnerability in the Border Gateway Protocol (BGP) function of Cisco NX-OS Software 6.2(2a) and earlier versions

Trust: 2.52

sources: NVD: CVE-2013-6982 // JVNDB: JVNDB-2014-001008 // CNVD: CNVD-2014-00118 // BID: 64670 // VULHUB: VHN-66984

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00118

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u5\(1a\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1.\(5\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1.\(3\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1.\(4\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u3\(2\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u3\(2b\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u5\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1.\(2\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1\(3\)n1\(1a\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u4\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.1\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u5\(1b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u2\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u2\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(1\)n2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(1a\)n2\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(1a\)n2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.1\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1\(3\)n2\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u1\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lte	version:	6.2\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u1\(1d\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(4\)sv1\(3b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2.\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.1	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u2\(2d\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(4\)sv1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(1a\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(4\)sv1\(3a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(8\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(2b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(4\)sv1\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(1\)sv1\(4a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(4\)sv1\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(1\)n2\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(3\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u5\(1c\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)n2\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(6\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(1\)sv1\(5.1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(7\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u2\(2c\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(3a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(0\)n1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(6\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u5\(1e\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)n2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(9\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n1\(1c\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u5\(1d\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u2\(2b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(0\)n1\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(1\)sv1\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u3\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(0\)n1\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1\(3\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u1\(1b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u3\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n1\(1b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(1\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(3\)n1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(4\)sv1\(3c\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1\(3\)n2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u1\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(1a\)n1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(4\)sv1\(3d\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lte	version:	6.2(2a)	Trust: 0.8
vendor:	cisco	model:	nx-os software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2014-00118 // BID: 64670 // JVNDB: JVNDB-2014-001008 // CNNVD: CNNVD-201401-066 // NVD: CVE-2013-6982

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6982
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6982
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-00118
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201401-066
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66984
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6982
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-00118
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-66984
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-00118 // VULHUB: VHN-66984 // JVNDB: JVNDB-2014-001008 // CNNVD: CNNVD-201401-066 // NVD: CVE-2013-6982

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-66984 // JVNDB: JVNDB-2014-001008 // NVD: CVE-2013-6982

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-066

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201401-066

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001008

PATCH

title:	Cisco NX-OS Software Crafted Border Gateway Protocol Update Message Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6982	Trust: 0.8
title:	32325	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32325	Trust: 0.8
title:	Cisco NX-OS Specialized BGP Update Message Handling Patch for Remote Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/42161	Trust: 0.6

sources: CNVD: CNVD-2014-00118 // JVNDB: JVNDB-2014-001008

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6982	Trust: 3.4
db:	BID	id:	64670	Trust: 2.6
db:	SECUNIA	id:	56169	Trust: 1.1
db:	OSVDB	id:	101713	Trust: 1.1
db:	SECTRACK	id:	1029568	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-001008	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-066	Trust: 0.7
db:	CNVD	id:	CNVD-2014-00118	Trust: 0.6
db:	CISCO	id:	20140106 CISCO NX-OS SOFTWARE CRAFTED BORDER GATEWAY PROTOCOL UPDATE MESSAGE DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-66984	Trust: 0.1

sources: CNVD: CNVD-2014-00118 // VULHUB: VHN-66984 // BID: 64670 // JVNDB: JVNDB-2014-001008 // CNNVD: CNNVD-201401-066 // NVD: CVE-2013-6982

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32325	Trust: 2.3
url:	http://www.securityfocus.com/bid/64670	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6982	Trust: 1.7
url:	http://osvdb.org/101713	Trust: 1.1
url:	http://www.securitytracker.com/id/1029568	Trust: 1.1
url:	http://secunia.com/advisories/56169	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90119	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6982	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6982	Trust: 0.8
url:	www.cisco.com	Trust: 0.3

sources: CNVD: CNVD-2014-00118 // VULHUB: VHN-66984 // BID: 64670 // JVNDB: JVNDB-2014-001008 // CNNVD: CNNVD-201401-066 // NVD: CVE-2013-6982

CREDITS

Cisco

Trust: 0.9

sources: BID: 64670 // CNNVD: CNNVD-201401-066

SOURCES

db:	CNVD	id:	CNVD-2014-00118
db:	VULHUB	id:	VHN-66984
db:	BID	id:	64670
db:	JVNDB	id:	JVNDB-2014-001008
db:	CNNVD	id:	CNNVD-201401-066
db:	NVD	id:	CVE-2013-6982

LAST UPDATE DATE

2024-11-23T22:31:21.562000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-00118	date:	2014-01-08T00:00:00
db:	VULHUB	id:	VHN-66984	date:	2017-08-29T00:00:00
db:	BID	id:	64670	date:	2013-12-29T00:00:00
db:	JVNDB	id:	JVNDB-2014-001008	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201401-066	date:	2014-01-09T00:00:00
db:	NVD	id:	CVE-2013-6982	date:	2024-11-21T02:00:06.167

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-00118	date:	2014-01-08T00:00:00
db:	VULHUB	id:	VHN-66984	date:	2014-01-08T00:00:00
db:	BID	id:	64670	date:	2013-12-29T00:00:00
db:	JVNDB	id:	JVNDB-2014-001008	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201401-066	date:	2013-12-29T00:00:00
db:	NVD	id:	CVE-2013-6982	date:	2014-01-08T21:55:06.193