Cisco: CISCO-SA-20131009-CVE-2013-5506
Oct 09, 2013 - 4:14 p.m.

Cisco Firewall Services Module Command Authorization Vulnerability

2013-10-09 16:14:26
tools.cisco.com

CVSS2: 6.6
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C

EPSS: 0.002
Percentile: 64.8%

A vulnerability in the authorization code of the Cisco Firewall Services Module (FWSM) could allow an authenticated but unprivileged, local attacker to delete, modify, or view the configuration of any other context of the affected system.

The vulnerability is due to insufficient authorization safeguards of certain administrative commands in a user context when the affected system is configured for multiple context mode. An attacker could exploit this vulnerability by executing certain commands in any of the user contexts of the affected system.

Cisco has confirmed the vulnerability in a security advisory and released software updates.

Only an attacker who can log in locally to the affected device can exploit the vulnerability, which limits the potential sources of attack.

Affected configurations

Vulners
Node: cisco firewall_services_module (match any) OR cisco firewall_services_module (match any)

Vendor | Product | Version | CPE
cisco | firewall_services_module | any | cpe:2.3:h:cisco:firewall_services_module:any:*:*:*:*:*:*:*
