Vulnerability CVE-2013-1241


Published: 2013-05-08

Description:
The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025.

Type: CWE-287 (Improper Authentication)

Vendor: Cisco
Product: 2921 integrated services router 
Product: 1921 integrated services router 
Product: 888 integrated services router 
Product: 886va integrated services router 
Product: 867 integrated services router 
Product: 3925 integrated services router 
Product: 1941w integrated services router 
Product: 892 integrated services router 
Product: 887v integrated services router 
Product: 881 integrated services router 
Product: 3945 integrated services router 
Product: 2911 integrated services router 
Product: IOS 
Product: 887va integrated services router 
Product: 886va-w integrated services router 
Product: 861 integrated services router 
Product: 2951 integrated services router 
Product: 1941 integrated services router 
Product: 891 integrated services router 
Product: 887 integrated services router 
Product: 880 3g integrated services router 
Product: 3925e integrated services router 
Product: 2901 integrated services router 
Product: C881w integrated services router 
Product: 887va-w integrated services router 
Product: 886 integrated services router 
Product: 3945e integrated services router 

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:N/A:C)

CVSS Base Score: 6.3/10
Impact Subscore: 6.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

References:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1241

Related CVE
CVE-2018-0428
A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerabili...
CVE-2018-0427
A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-suppli...
CVE-2018-0419
A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper ...
CVE-2018-0418
A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device...
CVE-2018-0415
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticat...
CVE-2018-0412
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthentic...
CVE-2018-0410
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. T...
CVE-2018-0386
A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input tha...

Copyright 2018, cxsecurity.com

 
