Details of VAR-201304-0172

ID

VAR-201304-0172

CVE

CVE-2013-1217

TITLE

Cisco IOS of Generic Input/Output Service disruption in control implementation (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002462

DESCRIPTION

The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105. ( Device reload ) There are vulnerabilities that are put into a state. Cisco IOS is an operation and maintenance system developed by Cisco Systems for its network devices. A common vulnerability exists in the general purpose input/output control mechanism of Cisco IOS devices, allowing authenticated remote attackers to exploit vulnerabilities to overload the Supervisor Engine or device. The vulnerability is due to incorrect buffer handling, which could be triggered by an attacker submitting multiple simultaneous SNMP requests to the affected system. Cisco IOS is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a reload of the Supervisor Engine or the device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCub41105

Trust: 2.52

sources: NVD: CVE-2013-1217 // JVNDB: JVNDB-2013-002462 // CNVD: CNVD-2013-04106 // BID: 59357 // VULHUB: VHN-61219

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-04106

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	ios 15.0 sqa	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2013-04106 // BID: 59357 // JVNDB: JVNDB-2013-002462 // CNNVD: CNNVD-201304-478 // NVD: CVE-2013-1217

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1217
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1217
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-04106
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201304-478
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61219
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1217
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-04106
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-61219
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-04106 // VULHUB: VHN-61219 // JVNDB: JVNDB-2013-002462 // CNNVD: CNNVD-201304-478 // NVD: CVE-2013-1217

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-61219 // JVNDB: JVNDB-2013-002462 // NVD: CVE-2013-1217

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-478

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201304-478

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002462

PATCH

title:	Generic Input/Output SNMP Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1217	Trust: 0.8
title:	29048	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29048	Trust: 0.8
title:	Patch for Cisco IOS Universal Input/Output SNMP Query Remote Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/33593	Trust: 0.6

sources: CNVD: CNVD-2013-04106 // JVNDB: JVNDB-2013-002462

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1217	Trust: 3.4
db:	BID	id:	59357	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002462	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-478	Trust: 0.7
db:	CNVD	id:	CNVD-2013-04106	Trust: 0.6
db:	SECUNIA	id:	53172	Trust: 0.6
db:	CISCO	id:	20130419 GENERIC INPUT/OUTPUT SNMP VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-61219	Trust: 0.1

sources: CNVD: CNVD-2013-04106 // VULHUB: VHN-61219 // BID: 59357 // JVNDB: JVNDB-2013-002462 // CNNVD: CNNVD-201304-478 // NVD: CVE-2013-1217

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1217	Trust: 2.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1217	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1217	Trust: 0.8
url:	http://secunia.com/advisories/53172	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=29048	Trust: 0.3

sources: CNVD: CNVD-2013-04106 // VULHUB: VHN-61219 // BID: 59357 // JVNDB: JVNDB-2013-002462 // CNNVD: CNNVD-201304-478 // NVD: CVE-2013-1217

CREDITS

Cisco

Trust: 0.3

sources: BID: 59357

SOURCES

db:	CNVD	id:	CNVD-2013-04106
db:	VULHUB	id:	VHN-61219
db:	BID	id:	59357
db:	JVNDB	id:	JVNDB-2013-002462
db:	CNNVD	id:	CNNVD-201304-478
db:	NVD	id:	CVE-2013-1217

LAST UPDATE DATE

2025-04-11T23:01:51.048000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-04106	date:	2013-04-25T00:00:00
db:	VULHUB	id:	VHN-61219	date:	2013-04-24T00:00:00
db:	BID	id:	59357	date:	2013-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-002462	date:	2013-04-25T00:00:00
db:	CNNVD	id:	CNNVD-201304-478	date:	2013-04-25T00:00:00
db:	NVD	id:	CVE-2013-1217	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-04106	date:	2013-04-25T00:00:00
db:	VULHUB	id:	VHN-61219	date:	2013-04-24T00:00:00
db:	BID	id:	59357	date:	2013-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-002462	date:	2013-04-25T00:00:00
db:	CNNVD	id:	CNNVD-201304-478	date:	2013-04-23T00:00:00
db:	NVD	id:	CVE-2013-1217	date:	2013-04-24T10:28:37.933