Details of VAR-201303-0394

ID

VAR-201303-0394

CVE

CVE-2013-1147

TITLE

Cisco IOS of Protocol Translation (PT) Service disruption in functionality ( Device reload ) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002085

DESCRIPTION

The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a PT resource, aka Bug ID CSCtz35999. Cisco IOS is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to reload affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtz35999. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

Trust: 1.98

sources: NVD: CVE-2013-1147 // JVNDB: JVNDB-2013-002085 // BID: 58740 // VULHUB: VHN-61149

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3 to 12.4	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.0 to 15.3	Trust: 0.8
vendor:	cisco	model:	ios 15.1gc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4yb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4ya	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.4xv	Trust: 0.3
vendor:	cisco	model:	ios 12.4xt	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4sw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4mrb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4mr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3za	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yx	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yt	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3ys	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3ym	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.3xx	Trust: 0.3
vendor:	cisco	model:	ios 12.3xw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xl	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3jk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1m	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0m	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xn	scope:	ne	version:	-	Trust: 0.3

sources: BID: 58740 // JVNDB: JVNDB-2013-002085 // CNNVD: CNNVD-201303-568 // NVD: CVE-2013-1147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1147
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1147
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201303-568
value:	HIGH
Trust: 0.6
VULHUB:	VHN-61149
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1147
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61149
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61149 // JVNDB: JVNDB-2013-002085 // CNNVD: CNNVD-201303-568 // NVD: CVE-2013-1147

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-61149 // JVNDB: JVNDB-2013-002085 // NVD: CVE-2013-1147

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-568

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201303-568

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002085

PATCH

title:	cisco-sa-20130327-pt	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-pt	Trust: 0.8
title:	Cisco IOS Software Protocol Translation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1147	Trust: 0.8
title:	28649	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=28649	Trust: 0.8
title:	cisco-sa-20130327-pt	url:	http://www.cisco.com/cisco/web/support/JP/111/1117/1117672_cisco-sa-20130327-pt-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-002085

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1147	Trust: 2.8
db:	BID	id:	58740	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002085	Trust: 0.8
db:	CNNVD	id:	CNNVD-201303-568	Trust: 0.7
db:	CISCO	id:	20130327 CISCO IOS SOFTWARE PROTOCOL TRANSLATION VULNERABILITY	Trust: 0.6
db:	SECUNIA	id:	52785	Trust: 0.6
db:	VULHUB	id:	VHN-61149	Trust: 0.1

sources: VULHUB: VHN-61149 // BID: 58740 // JVNDB: JVNDB-2013-002085 // CNNVD: CNNVD-201303-568 // NVD: CVE-2013-1147

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130327-pt	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1147	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1147	Trust: 0.8
url:	http://secunia.com/advisories/52785	Trust: 0.6
url:	http://www.securityfocus.com/bid/58740	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-61149 // BID: 58740 // JVNDB: JVNDB-2013-002085 // CNNVD: CNNVD-201303-568 // NVD: CVE-2013-1147

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 58740

SOURCES

db:	VULHUB	id:	VHN-61149
db:	BID	id:	58740
db:	JVNDB	id:	JVNDB-2013-002085
db:	CNNVD	id:	CNNVD-201303-568
db:	NVD	id:	CVE-2013-1147

LAST UPDATE DATE

2025-04-11T23:17:17.334000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61149	date:	2013-04-02T00:00:00
db:	BID	id:	58740	date:	2013-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2013-002085	date:	2013-04-01T00:00:00
db:	CNNVD	id:	CNNVD-201303-568	date:	2013-04-02T00:00:00
db:	NVD	id:	CVE-2013-1147	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61149	date:	2013-03-28T00:00:00
db:	BID	id:	58740	date:	2013-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2013-002085	date:	2013-04-01T00:00:00
db:	CNNVD	id:	CNNVD-201303-568	date:	2013-03-28T00:00:00
db:	NVD	id:	CVE-2013-1147	date:	2013-03-28T23:55:01.627