Details of VAR-201303-0392

ID

VAR-201303-0392

CVE

CVE-2013-1145

TITLE

Cisco IOS Service disruption in ( Memory consumption or device reload ) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002083

DESCRIPTION

Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based Policy Firewall SIP application layer gateway inspection is enabled, allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed SIP messages, aka Bug ID CSCtl99174. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload or become unresponsive, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtl99174. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

Trust: 1.98

sources: NVD: CVE-2013-1145 // JVNDB: JVNDB-2013-002083 // BID: 58741 // VULHUB: VHN-61147

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 2.4
vendor:	cisco	model:	ios	scope:	eq	version:	12.4	Trust: 2.4
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 2.4
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 2.4
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.19	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.7	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.6	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.5	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.4	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.3	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.2	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.1	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	11.3.1	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	11.2.8	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	11.2.4	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	11.1.16	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	11.1.15	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	11.1.13	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	11.1.7	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	11.0.20.3	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	11.0.17	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	11.0.12	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	10.3.16	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	10.3.4.3	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	10.3.4.2	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	10.3.3.4	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	10.3.3.3	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	10.0	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	11.3	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	11.1	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	11.0	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	10.3	Trust: 0.3

sources: BID: 58741 // JVNDB: JVNDB-2013-002083 // CNNVD: CNNVD-201303-567 // NVD: CVE-2013-1145

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1145
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1145
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201303-567
value:	HIGH
Trust: 0.6
VULHUB:	VHN-61147
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1145
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61147
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61147 // JVNDB: JVNDB-2013-002083 // CNNVD: CNNVD-201303-567 // NVD: CVE-2013-1145

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-61147 // JVNDB: JVNDB-2013-002083 // NVD: CVE-2013-1145

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-567

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201303-567

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002083

PATCH

title:	cisco-sa-20130327-cce	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-cce	Trust: 0.8
title:	Cisco IOS Software Memory Leak Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1145	Trust: 0.8
title:	28647	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=28647	Trust: 0.8
title:	cisco-sa-20130327-cce	url:	http://www.cisco.com/cisco/web/support/JP/111/1117/1117676_cisco-sa-20130327-cce-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-002083

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1145	Trust: 2.8
db:	BID	id:	58741	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002083	Trust: 0.8
db:	CNNVD	id:	CNNVD-201303-567	Trust: 0.7
db:	CISCO	id:	20130327 CISCO IOS SOFTWARE ZONE-BASED POLICY FIREWALL SESSION INITIATION PROTOCOL INSPECTION DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	SECUNIA	id:	52787	Trust: 0.6
db:	VULHUB	id:	VHN-61147	Trust: 0.1

sources: VULHUB: VHN-61147 // BID: 58741 // JVNDB: JVNDB-2013-002083 // CNNVD: CNNVD-201303-567 // NVD: CVE-2013-1145

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130327-cce	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1145	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1145	Trust: 0.8
url:	http://secunia.com/advisories/52787	Trust: 0.6
url:	http://www.securityfocus.com/bid/58741	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-61147 // BID: 58741 // JVNDB: JVNDB-2013-002083 // CNNVD: CNNVD-201303-567 // NVD: CVE-2013-1145

CREDITS

csico

Trust: 0.9

sources: BID: 58741 // CNNVD: CNNVD-201303-567

SOURCES

db:	VULHUB	id:	VHN-61147
db:	BID	id:	58741
db:	JVNDB	id:	JVNDB-2013-002083
db:	CNNVD	id:	CNNVD-201303-567
db:	NVD	id:	CVE-2013-1145

LAST UPDATE DATE

2025-04-11T23:16:38.294000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61147	date:	2013-04-02T00:00:00
db:	BID	id:	58741	date:	2013-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2013-002083	date:	2013-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201303-567	date:	2013-03-29T00:00:00
db:	NVD	id:	CVE-2013-1145	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61147	date:	2013-03-28T00:00:00
db:	BID	id:	58741	date:	2013-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2013-002083	date:	2013-04-01T00:00:00
db:	CNNVD	id:	CNNVD-201303-567	date:	2013-03-28T00:00:00
db:	NVD	id:	CVE-2013-1145	date:	2013-03-28T23:55:01.597