Details of VAR-201302-0393

ID

VAR-201302-0393

CVE

CVE-2013-1135

TITLE

Cisco Prime Central for HCS Assurance Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-005960

DESCRIPTION

Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.0 allows remote attackers to cause a denial of service (CPU consumption and monitoring outage) via malformed TLS messages to TCP port (1) 9043 or (2) 9443, aka Bug ID CSCuc07155. Successfully exploiting this issue allows remote attackers to consume excessive CPU resources, potentially denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuc07155. Cisco Prime Central for HCS Assurance 8.6 and 9.0 are vulnerable. The platform provides functions such as secure access authentication and real-time fault analysis

Trust: 1.98

sources: NVD: CVE-2013-1135 // JVNDB: JVNDB-2012-005960 // BID: 58206 // VULHUB: VHN-61137

AFFECTED PRODUCTS

vendor:	cisco	model:	prime central for hosted collaboration solution assurance	scope:	eq	version:	8.6	Trust: 1.6
vendor:	cisco	model:	prime central for hosted collaboration solution assurance	scope:	eq	version:	9.0	Trust: 1.6
vendor:	cisco	model:	prime central for hcs assurance	scope:	eq	version:	8.6	Trust: 0.8
vendor:	cisco	model:	prime central for hcs assurance	scope:	eq	version:	9.0	Trust: 0.8

sources: JVNDB: JVNDB-2012-005960 // CNNVD: CNNVD-201302-603 // NVD: CVE-2013-1135

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1135
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1135
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201302-603
value:	HIGH
Trust: 0.6
VULHUB:	VHN-61137
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1135
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61137
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61137 // JVNDB: JVNDB-2012-005960 // CNNVD: CNNVD-201302-603 // NVD: CVE-2013-1135

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-61137 // JVNDB: JVNDB-2012-005960 // NVD: CVE-2013-1135

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-603

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201302-603

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005960

PATCH

title:	cisco-sa-20130227-hcs	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-hcs	Trust: 0.8
title:	Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Issue	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1135	Trust: 0.8
title:	cisco-sa-20130227-hcs	url:	http://www.cisco.com/cisco/web/support/JP/111/1117/1117489_cisco-sa-20130227-hcs-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2012-005960

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1135	Trust: 2.8
db:	JVNDB	id:	JVNDB-2012-005960	Trust: 0.8
db:	CNNVD	id:	CNNVD-201302-603	Trust: 0.7
db:	CISCO	id:	20130227 CISCO PRIME CENTRAL FOR HOSTED COLLABORATION SOLUTION ASSURANCE EXCESSIVE CPU UTILIZATION VULNERABILITY	Trust: 0.6
db:	BID	id:	58206	Trust: 0.4
db:	VULHUB	id:	VHN-61137	Trust: 0.1

sources: VULHUB: VHN-61137 // BID: 58206 // JVNDB: JVNDB-2012-005960 // CNNVD: CNNVD-201302-603 // NVD: CVE-2013-1135

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130227-hcs	Trust: 2.0
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1135	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1135	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1135	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps12491/index.html	Trust: 0.3

sources: VULHUB: VHN-61137 // BID: 58206 // JVNDB: JVNDB-2012-005960 // CNNVD: CNNVD-201302-603 // NVD: CVE-2013-1135

CREDITS

Cisco

Trust: 0.3

sources: BID: 58206

SOURCES

db:	VULHUB	id:	VHN-61137
db:	BID	id:	58206
db:	JVNDB	id:	JVNDB-2012-005960
db:	CNNVD	id:	CNNVD-201302-603
db:	NVD	id:	CVE-2013-1135

LAST UPDATE DATE

2025-04-11T22:56:00.377000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61137	date:	2013-03-23T00:00:00
db:	BID	id:	58206	date:	2013-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2012-005960	date:	2013-04-10T00:00:00
db:	CNNVD	id:	CNNVD-201302-603	date:	2013-03-05T00:00:00
db:	NVD	id:	CVE-2013-1135	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61137	date:	2013-02-27T00:00:00
db:	BID	id:	58206	date:	2013-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2012-005960	date:	2013-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201302-603	date:	2013-02-28T00:00:00
db:	NVD	id:	CVE-2013-1135	date:	2013-02-27T21:55:04.230