Vulnerability CVE-2013-1241


Published: 2013-05-08

Description:
The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025.

Type: CWE-287 (Improper Authentication)

Vendor: Cisco
Product: 2921 integrated services router 
Product: 1921 integrated services router 
Product: 888 integrated services router 
Product: 886va integrated services router 
Product: 867 integrated services router 
Product: 3925 integrated services router 
Product: 1941w integrated services router 
Product: 892 integrated services router 
Product: 887v integrated services router 
Product: 881 integrated services router 
Product: 3945 integrated services router 
Product: 2911 integrated services router 
Product: IOS 
Product: 887va integrated services router 
Product: 886va-w integrated services router 
Product: 861 integrated services router 
Product: 2951 integrated services router 
Product: 1941 integrated services router 
Product: 891 integrated services router 
Product: 887 integrated services router 
Product: 880 3g integrated services router 
Product: 3925e integrated services router 
Product: 2901 integrated services router 
Product: C881w integrated services router 
Product: 887va-w integrated services router 
Product: 886 integrated services router 
Product: 3945e integrated services router 

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:N/A:C)

CVSS Base Score: 6.3/10
Impact Subscore: 6.9/10
Exploitability Subscore: 6.8/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Single time

Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

References:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1241

Related CVE
CVE-2018-0328
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected ...
CVE-2018-0327
A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability i...
CVE-2018-0326
A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to ins...
CVE-2018-0325
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) conditi...
CVE-2018-0324
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of comma...
CVE-2018-0323
A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient va...
CVE-2018-0297
A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer (SSL) Access Control (AC) policy to block SSL traffic. The vulnerability is...
CVE-2018-0290
A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the a...

Copyright 2018, cxsecurity.com

 
