Details of VAR-201303-0391

ID

VAR-201303-0391

CVE

CVE-2013-1144

TITLE

Cisco IOS of IKEv1 Service disruption in implementations ( Memory consumption ) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002082

DESCRIPTION

Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified (1) IPv4 or (2) IPv6 IKE packets, aka Bug ID CSCth81055. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload or become unresponsive, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCth81055. http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq24002. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

Trust: 1.98

sources: NVD: CVE-2013-1144 // JVNDB: JVNDB-2013-002082 // BID: 58742 // VULHUB: VHN-61146

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 2.4
vendor:	cisco	model:	ios 15.1gc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 t	scope:	ne	version:	-	Trust: 0.3

sources: BID: 58742 // JVNDB: JVNDB-2013-002082 // CNNVD: CNNVD-201303-566 // NVD: CVE-2013-1144

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1144
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1144
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201303-566
value:	HIGH
Trust: 0.6
VULHUB:	VHN-61146
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1144
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61146
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61146 // JVNDB: JVNDB-2013-002082 // CNNVD: CNNVD-201303-566 // NVD: CVE-2013-1144

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-61146 // JVNDB: JVNDB-2013-002082 // NVD: CVE-2013-1144

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-566

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201303-566

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002082

PATCH

title:	cisco-sa-20130327-ike	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-ike	Trust: 0.8
title:	cisco-sa-20130327-ike	url:	http://www.cisco.com/cisco/web/support/JP/111/1117/1117677_cisco-sa-20130327-ike-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-002082

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1144	Trust: 2.8
db:	BID	id:	58742	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002082	Trust: 0.8
db:	CNNVD	id:	CNNVD-201303-566	Trust: 0.7
db:	CISCO	id:	20130327 CISCO IOS SOFTWARE INTERNET KEY EXCHANGE VULNERABILITY	Trust: 0.6
db:	SECUNIA	id:	52781	Trust: 0.6
db:	VULHUB	id:	VHN-61146	Trust: 0.1

sources: VULHUB: VHN-61146 // BID: 58742 // JVNDB: JVNDB-2013-002082 // CNNVD: CNNVD-201303-566 // NVD: CVE-2013-1144

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130327-ike	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1144	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1144	Trust: 0.8
url:	http://secunia.com/advisories/52781	Trust: 0.6
url:	http://www.securityfocus.com/bid/58742	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-61146 // BID: 58742 // JVNDB: JVNDB-2013-002082 // CNNVD: CNNVD-201303-566 // NVD: CVE-2013-1144

CREDITS

Cisco

Trust: 0.9

sources: BID: 58742 // CNNVD: CNNVD-201303-566

SOURCES

db:	VULHUB	id:	VHN-61146
db:	BID	id:	58742
db:	JVNDB	id:	JVNDB-2013-002082
db:	CNNVD	id:	CNNVD-201303-566
db:	NVD	id:	CVE-2013-1144

LAST UPDATE DATE

2025-04-11T23:12:50.555000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61146	date:	2013-04-02T00:00:00
db:	BID	id:	58742	date:	2013-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2013-002082	date:	2013-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201303-566	date:	2013-03-29T00:00:00
db:	NVD	id:	CVE-2013-1144	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61146	date:	2013-03-28T00:00:00
db:	BID	id:	58742	date:	2013-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2013-002082	date:	2013-04-01T00:00:00
db:	CNNVD	id:	CNNVD-201303-566	date:	2013-03-28T00:00:00
db:	NVD	id:	CVE-2013-1144	date:	2013-03-28T23:55:01.580