Details of VAR-201303-0396

ID

VAR-201303-0396

CVE

CVE-2013-1161

TITLE

Android for Cisco Jabber IM Application XML Service disruption in parsers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002014

DESCRIPTION

The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383. Successful exploits will allow authenticated attackers to prevent the client to connect, causing a denial of service condition. This issue is being tracked by the Cisco Bug ID CSCue38383

Trust: 1.98

sources: NVD: CVE-2013-1161 // JVNDB: JVNDB-2013-002014 // BID: 58748 // VULHUB: VHN-61163

AFFECTED PRODUCTS

vendor:	cisco	model:	jabber im	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	jabber im	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2013-002014 // CNNVD: CNNVD-201303-527 // NVD: CVE-2013-1161

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1161
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1161
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201303-527
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61163
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1161
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61163
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61163 // JVNDB: JVNDB-2013-002014 // CNNVD: CNNVD-201303-527 // NVD: CVE-2013-1161

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-61163 // JVNDB: JVNDB-2013-002014 // NVD: CVE-2013-1161

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-527

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201303-527

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002014

PATCH

title:

Cisco Jabber IM for Android Denial of Service Vulnerability

url:

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1161

Trust: 0.8

sources: JVNDB: JVNDB-2013-002014

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1161	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-002014	Trust: 0.8
db:	CISCO	id:	20130319 CISCO JABBER IM FOR ANDROID DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-201303-527	Trust: 0.6
db:	BID	id:	58748	Trust: 0.4
db:	VULHUB	id:	VHN-61163	Trust: 0.1

sources: VULHUB: VHN-61163 // BID: 58748 // JVNDB: JVNDB-2013-002014 // CNNVD: CNNVD-201303-527 // NVD: CVE-2013-1161

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1161	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1161	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1161	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps11678/index.html	Trust: 0.3

sources: VULHUB: VHN-61163 // BID: 58748 // JVNDB: JVNDB-2013-002014 // CNNVD: CNNVD-201303-527 // NVD: CVE-2013-1161

CREDITS

Cisco

Trust: 0.3

sources: BID: 58748

SOURCES

db:	VULHUB	id:	VHN-61163
db:	BID	id:	58748
db:	JVNDB	id:	JVNDB-2013-002014
db:	CNNVD	id:	CNNVD-201303-527
db:	NVD	id:	CVE-2013-1161

LAST UPDATE DATE

2025-04-11T23:19:32.285000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61163	date:	2013-03-26T00:00:00
db:	BID	id:	58748	date:	2013-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2013-002014	date:	2013-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201303-527	date:	2013-03-29T00:00:00
db:	NVD	id:	CVE-2013-1161	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61163	date:	2013-03-26T00:00:00
db:	BID	id:	58748	date:	2013-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2013-002014	date:	2013-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201303-527	date:	2013-03-27T00:00:00
db:	NVD	id:	CVE-2013-1161	date:	2013-03-26T03:42:06.840