Details of VAR-201407-0013

ID

VAR-201407-0013

CVE

CVE-2013-6691

TITLE

Cisco Adaptive Security Appliance Software WebVPN CIFS Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-006614

DESCRIPTION

The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and earlier allows remote CIFS servers to cause a denial of service (device reload) via a long share list, aka Bug ID CSCuj83344. Attackers can exploit this issue to cause an affected system to reload, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuj83344

Trust: 1.98

sources: NVD: CVE-2013-6691 // JVNDB: JVNDB-2013-006614 // BID: 68517 // VULHUB: VHN-66693

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	9.0\(4.1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	9.0(.4.1)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0\(.3.8\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0\(.3.6\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0\(.2.10\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0\(.3\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0\(.4.1\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(.1\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0\(.4\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0\(.1\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(.1.3\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4	Trust: 0.6

sources: JVNDB: JVNDB-2013-006614 // CNNVD: CNNVD-201407-307 // NVD: CVE-2013-6691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6691
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6691
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201407-307
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66693
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6691
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66693
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66693 // JVNDB: JVNDB-2013-006614 // CNNVD: CNNVD-201407-307 // NVD: CVE-2013-6691

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-66693 // JVNDB: JVNDB-2013-006614 // NVD: CVE-2013-6691

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-307

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201407-307

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006614

PATCH

title:	Cisco ASA CIFS Share Enumeration Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6691	Trust: 0.8
title:	34921	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34921	Trust: 0.8

sources: JVNDB: JVNDB-2013-006614

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6691	Trust: 2.8
db:	BID	id:	68517	Trust: 1.4
db:	SECTRACK	id:	1030565	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-006614	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-307	Trust: 0.7
db:	VULHUB	id:	VHN-66693	Trust: 0.1

sources: VULHUB: VHN-66693 // BID: 68517 // JVNDB: JVNDB-2013-006614 // CNNVD: CNNVD-201407-307 // NVD: CVE-2013-6691

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6691	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34921	Trust: 1.7
url:	http://www.securityfocus.com/bid/68517	Trust: 1.1
url:	http://www.securitytracker.com/id/1030565	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/94459	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6691	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6691	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-66693 // BID: 68517 // JVNDB: JVNDB-2013-006614 // CNNVD: CNNVD-201407-307 // NVD: CVE-2013-6691

CREDITS

Cisco

Trust: 0.3

sources: BID: 68517

SOURCES

db:	VULHUB	id:	VHN-66693
db:	BID	id:	68517
db:	JVNDB	id:	JVNDB-2013-006614
db:	CNNVD	id:	CNNVD-201407-307
db:	NVD	id:	CVE-2013-6691

LAST UPDATE DATE

2024-11-23T22:59:40.370000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66693	date:	2020-01-21T00:00:00
db:	BID	id:	68517	date:	2014-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2013-006614	date:	2014-07-16T00:00:00
db:	CNNVD	id:	CNNVD-201407-307	date:	2014-07-15T00:00:00
db:	NVD	id:	CVE-2013-6691	date:	2024-11-21T01:59:33.793

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66693	date:	2014-07-14T00:00:00
db:	BID	id:	68517	date:	2014-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2013-006614	date:	2014-07-16T00:00:00
db:	CNNVD	id:	CNNVD-201407-307	date:	2014-07-15T00:00:00
db:	NVD	id:	CVE-2013-6691	date:	2014-07-14T21:55:05.437