CiscoCISCO-SA-20130919-CVE-2013-5497Cisco IPS Authentication Manager Denial of Service Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
82.7%
A vulnerability in the web framework of Cisco IPS Software could allow an unauthenticated, remote attacker to cause MainApp to hang intermittently due to the authentication manager process creating a denial of service (DoS) condition.
The vulnerability is due to improper handling of user tokens. An attacker could exploit this vulnerability by sending a crafted connection request to the Cisco IPS management interface.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks, in which the targeted device may reside, to send a crafted connection request. This access requirement limits the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | intrusion_prevention_system | any | cpe:2.3:a:cisco:intrusion_prevention_system:any:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
82.7%