Lucene search

CiscoCVE-2013-3445

HistoryJul 29, 2013 - 1:59 p.m.

CVE-2013-3445

2013-07-2913:59:06

CWE-264

cisco

web.nvd.nist.gov

cisco

identity services engine

firewall

vulnerability

remote attackers

denial of service

ip packets

nvd

bug id cscug94572

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.9

Confidence

High

EPSS

0.015

Percentile

87.1%

JSON

The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572.

Affected configurations

Nvd

Node

ciscoidentity_services_engineMatch-

VendorProductVersionCPE
ciscoidentity_services_engine-cpe:/h:cisco:identity_services_engine:-:::

Vendor	Product	Version	CPE
cisco	identity_services_engine	-	cpe:/h:cisco:identity_services_engine:-:::

References

osvdb.org/95659

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3445

tools.cisco.com/security/center/viewAlert.x?alertId=30217

www.securityfocus.com/bid/61452

www.securitytracker.com/id/1028837

exchange.xforce.ibmcloud.com/vulnerabilities/85982

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.9

Confidence

High

EPSS

0.015

Percentile

87.1%

JSON

Related for CVE-2013-3445