ID
VAR-201303-0399
CVE
CVE-2013-1154
TITLE
Cisco Small Business Switches Denial of Service Vulnerability
Trust: 1.2
DESCRIPTION
The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, Small Business 300 Series Managed Switch 1.2.7.76 and earlier, and Small Business 500 Series Stackable Managed Switch 1.2.7.76 and earlier allow remote attackers to cause a denial of service (SSL/TLS layer outage) via malformed (1) SSH or (2) SSL packets, aka Bug ID CSCua30246. The SSH implementation in multiple Cisco products contains a denial-of-service (DoS) vulnerability. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may be able to cause a denial-of-service (DoS). Cisco Small Business Switches is a small commercial switch device from Cisco. Cisco Small Business Switches has an unspecified error in handling SSH or SSL messages, allowing an attacker to exploit a vulnerability to send a specially crafted message to crash the service, causing a denial of service attack. Successful exploits may allow an attacker to cause denial-of-service conditions. This issue is tracked by Cisco Bug ID CSCua30246
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sf302-08p | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sg300-10sfp | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sg300-28mp | Trust: 1.0 |
| vendor: | cisco | model: | 500 series stackable managed switches | scope: | eq | version: | sg500x-24 | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sg300-28p | Trust: 1.0 |
| vendor: | cisco | model: | 500 series stackable managed switches | scope: | eq | version: | sf500-48p | Trust: 1.0 |
| vendor: | cisco | model: | 200 series smart switches | scope: | eq | version: | sg200-50p | Trust: 1.0 |
| vendor: | cisco | model: | 200 series smart switches | scope: | eq | version: | sg200-08 | Trust: 1.0 |
| vendor: | cisco | model: | 200 series smart switches | scope: | eq | version: | sf200-24 | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sg300-10 | Trust: 1.0 |
| vendor: | cisco | model: | 200 series smart switches | scope: | eq | version: | sg200-26 | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sg300-52p | Trust: 1.0 |
| vendor: | cisco | model: | 500 series stackable managed switches | scope: | eq | version: | sg500-52p | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sf300-48 | Trust: 1.0 |
| vendor: | cisco | model: | 200 series smart switches | scope: | eq | version: | sf200-24p | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sg300-28 | Trust: 1.0 |
| vendor: | cisco | model: | 500 series stackable managed switches | scope: | eq | version: | sf500-24 | Trust: 1.0 |
| vendor: | cisco | model: | 200 series smart switches | scope: | eq | version: | sg200-18 | Trust: 1.0 |
| vendor: | cisco | model: | 500 series stackable managed switches | scope: | eq | version: | sf500-48 | Trust: 1.0 |
| vendor: | cisco | model: | 500 series stackable managed switches | scope: | eq | version: | sg500-28 | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sf300-24p | Trust: 1.0 |
| vendor: | cisco | model: | 500 series stackable managed switches | scope: | eq | version: | sf500-24p | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sg300-10mp | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sg300-52mp | Trust: 1.0 |
| vendor: | cisco | model: | 200 series smart switches | scope: | eq | version: | sf200-48p | Trust: 1.0 |
| vendor: | cisco | model: | 200 series smart switches | scope: | eq | version: | sg200-08p | Trust: 1.0 |
| vendor: | cisco | model: | 200 series smart switches | scope: | eq | version: | sg200-50 | Trust: 1.0 |
| vendor: | cisco | model: | 500 series stackable managed switches | scope: | eq | version: | sg500-28p | Trust: 1.0 |
| vendor: | cisco | model: | 500 series stackable managed switches | scope: | eq | version: | sg500x-24p | Trust: 1.0 |
| vendor: | cisco | model: | 500 series stackable managed switches | scope: | eq | version: | sg500x-48p | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sg300-10p | Trust: 1.0 |
| vendor: | cisco | model: | 200 series smart switches | scope: | eq | version: | sg200-26p | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sg300-20 | Trust: 1.0 |
| vendor: | cisco | model: | 200 series smart switches software | scope: | lte | version: | 1.2.7.76 | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sf302-08mp | Trust: 1.0 |
| vendor: | cisco | model: | 500 series stackable managed switches | scope: | eq | version: | sg500x-48 | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sg300-52 | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sf300-08 | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sf300-24 | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sf302-08 | Trust: 1.0 |
| vendor: | cisco | model: | 500 series stackable managed switches | scope: | eq | version: | sg500-52 | Trust: 1.0 |
| vendor: | cisco | model: | 200 series smart switches | scope: | eq | version: | sf200-48 | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sf300-24mp | Trust: 1.0 |
| vendor: | cisco | model: | 300 series managed switches | scope: | eq | version: | sf300-48p | Trust: 1.0 |
| vendor: | cisco | model: | small business 200 series smart switch | scope: | eq | version: | (1.2.7.76 and prior) | Trust: 0.8 |
| vendor: | cisco | model: | small business 200 series smart switch software | scope: | eq | version: | 1.2.7.76 and prior | Trust: 0.8 |
| vendor: | cisco | model: | small business 300 series managed switch | scope: | eq | version: | (1.2.7.76 and prior) | Trust: 0.8 |
| vendor: | cisco | model: | small business 500 series stackable managed switch | scope: | eq | version: | (1.2.7.76 and prior) | Trust: 0.8 |
| vendor: | cisco | model: | small business managed switches series | scope: | eq | version: | 300 | Trust: 0.6 |
| vendor: | cisco | model: | small business smart switches series | scope: | eq | version: | 200 | Trust: 0.6 |
| vendor: | cisco | model: | small business stackable managed series | scope: | eq | version: | 500 | Trust: 0.6 |
| vendor: | cisco | model: | 200 series smart switches software | scope: | eq | version: | 1.2.7.76 | Trust: 0.6 |
| vendor: | cisco | model: | small business series stackable managed switch | scope: | eq | version: | 5001.2.7.76 | Trust: 0.3 |
| vendor: | cisco | model: | small business series managed switch | scope: | eq | version: | 3001.2.7.76 | Trust: 0.3 |
| vendor: | cisco | model: | small business series smart switch | scope: | eq | version: | 2001.2.7.76 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-399 | Trust: 1.1 |
THREAT TYPE
remote
Trust: 0.6
TYPE
resource management error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Cisco Small Business Switches SSH Packet Processing Denial of Service Vulnerability | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=27502 | Trust: 0.8 |
| title: | Patch for Cisco Small Business Switches Denial of Service Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/32711 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-1154 | Trust: 3.4 |
| db: | JVN | id: | JVN05132866 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2013-000017 | Trust: 2.5 |
| db: | CNNVD | id: | CNNVD-201303-137 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2013-01689 | Trust: 0.6 |
| db: | JVN | id: | JVN#05132866 | Trust: 0.6 |
| db: | SECUNIA | id: | 52476 | Trust: 0.6 |
| db: | BID | id: | 58374 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-61156 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=27502 | Trust: 2.6 |
| url: | http://jvn.jp/en/jp/jvn05132866/index.html | Trust: 2.5 |
| url: | http://jvndb.jvn.jp/jvndb/jvndb-2013-000017 | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1154 | Trust: 0.8 |
| url: | http://www.ipa.go.jp/about/press/20130307.html | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1154 | Trust: 0.8 |
| url: | http://secunia.com/advisories/52476 | Trust: 0.6 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Hisashi Kojima and Masahiro Nakada, Fujitsu Laboratories LTD
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2013-01689 |
| db: | VULHUB | id: | VHN-61156 |
| db: | BID | id: | 58374 |
| db: | JVNDB | id: | JVNDB-2013-000017 |
| db: | CNNVD | id: | CNNVD-201303-137 |
| db: | NVD | id: | CVE-2013-1154 |
LAST UPDATE DATE
2025-04-11T23:20:36.001000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-01689 | date: | 2013-03-11T00:00:00 |
| db: | VULHUB | id: | VHN-61156 | date: | 2013-03-08T00:00:00 |
| db: | BID | id: | 58374 | date: | 2013-03-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-000017 | date: | 2013-03-11T00:00:00 |
| db: | CNNVD | id: | CNNVD-201303-137 | date: | 2013-03-08T00:00:00 |
| db: | NVD | id: | CVE-2013-1154 | date: | 2025-04-11T00:51:21.963 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-01689 | date: | 2013-03-11T00:00:00 |
| db: | VULHUB | id: | VHN-61156 | date: | 2013-03-07T00:00:00 |
| db: | BID | id: | 58374 | date: | 2013-03-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-000017 | date: | 2013-03-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-201303-137 | date: | 2013-03-08T00:00:00 |
| db: | NVD | id: | CVE-2013-1154 | date: | 2013-03-07T20:55:02.313 |