Vulnerability CVE-2013-1241


Published: 2013-05-08

Description:
The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025.

Type:

CWE-287

(Improper Authentication)

Vendor: Cisco
Product: 1921 integrated services router 
Product: 1941 integrated services router 
Product: 1941w integrated services router 
Product: 2901 integrated services router 
Product: 2911 integrated services router 
Product: 2921 integrated services router 
Product: 2951 integrated services router 
Product: 3925 integrated services router 
Product: 3925e integrated services router 
Product: 3945 integrated services router 
Product: 3945e integrated services router 
Product: 861 integrated services router 
Product: 867 integrated services router 
Product: 880 3g integrated services router 
Product: 881 integrated services router 
Product: 886 integrated services router 
Product: 886va-w integrated services router 
Product: 886va integrated services router 
Product: 887 integrated services router 
Product: 887v integrated services router 
Product: 887va-w integrated services router 
Product: 887va integrated services router 
Product: 888 integrated services router 
Product: 891 integrated services router 
Product: 892 integrated services router 
Product: C881w integrated services router 
Product: IOS 

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.3/10
6.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1241

Related CVE
CVE-2017-12372
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing ...
CVE-2017-12371
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing ...
CVE-2017-12370
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing ...
CVE-2017-12369
A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user w...
CVE-2017-12368
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing ...
CVE-2017-12367
A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a us...
CVE-2017-12366
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some param...
CVE-2017-12365
A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to vie...

Copyright 2017, cxsecurity.com

 

Back to Top