Sign-up

ID

VAR-201305-0268


CVE

CVE-2013-1136


TITLE

Cisco Aggregation Services Router Route Processor Run on Cisco IOS Service disruption in (DoS) Vulnerability made into a state

Trust: 0.8

sources: JVNDB: JVNDB-2013-002629

DESCRIPTION

The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to crash the system, resulting in denial-of-service conditions. This issue is being tracked by Cisco bug ID CSCuc52193

Trust: 2.52

sources: NVD: CVE-2013-1136 // JVNDB: JVNDB-2013-002629 // CNVD: CNVD-2013-05401 // BID: 59825 // VULHUB: VHN-61138

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-05401

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:aggregation services router route processorscope:eqversion:2

Trust: 0.8

vendor:ciscomodel:iosscope:lteversion:15.3(1)t

Trust: 0.8

vendor:ciscomodel:iosscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 15.3 sscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 15.3tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3 tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3 s2scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3 s1scope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2013-05401 // BID: 59825 // JVNDB: JVNDB-2013-002629 // CNNVD: CNNVD-201305-229 // NVD: CVE-2013-1136

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1136
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1136
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-05401
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201305-229
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61138
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1136
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-05401
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-61138
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-05401 // VULHUB: VHN-61138 // JVNDB: JVNDB-2013-002629 // CNNVD: CNNVD-201305-229 // NVD: CVE-2013-1136

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-61138 // JVNDB: JVNDB-2013-002629 // NVD: CVE-2013-1136

THREAT TYPE

local

Trust: 0.9

sources: BID: 59825 // CNNVD: CNNVD-201305-229

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201305-229

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002629

PATCH
title:Cisco Unified MeetingPlace Server Cross-Site Request Forgery Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1136
Trust: 0.8
title:29287url:http://tools.cisco.com/security/center/viewAlert.x?alertId=29287
Trust: 0.8
title:Cisco IOS Aggregation Services Router Processor denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/34006
Trust: 0.6
title:Cisco IOS Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186284
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-05401 // 
            
            
            
            JVNDB: JVNDB-2013-002629 // 
            
            
            
            CNNVD: CNNVD-201305-229

EXTERNAL IDS
db:NVDid:CVE-2013-1136
Trust: 3.4
db:BIDid:59825
Trust: 1.0
db:JVNDBid:JVNDB-2013-002629
Trust: 0.8
db:CNNVDid:CNNVD-201305-229
Trust: 0.7
db:CNVDid:CNVD-2013-05401
Trust: 0.6
db:CISCOid:20130510 CISCO ISR ROUTE PROCESSOR 2 DYNAMIC MULTIPOINT VIRTUAL PRIVATE NETWORK VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-61138
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-05401 // 
            
            
            
            VULHUB: VHN-61138 // 
            
            
            
            BID: 59825 // 
            
            
            
            JVNDB: JVNDB-2013-002629 // 
            
            
            
            CNNVD: CNNVD-201305-229 // 
            
            
            
            NVD: CVE-2013-1136

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1136
Trust: 2.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1136
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1136
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-05401 // 
            
            
            
            VULHUB: VHN-61138 // 
            
            
            
            BID: 59825 // 
            
            
            
            JVNDB: JVNDB-2013-002629 // 
            
            
            
            CNNVD: CNNVD-201305-229 // 
            
            
            
            NVD: CVE-2013-1136

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 59825

SOURCES
db:CNVDid:CNVD-2013-05401
db:VULHUBid:VHN-61138
db:BIDid:59825
db:JVNDBid:JVNDB-2013-002629
db:CNNVDid:CNNVD-201305-229
db:NVDid:CVE-2013-1136

LAST UPDATE DATE
2025-04-11T23:15:26.383000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-05401date:2013-05-16T00:00:00
db:VULHUBid:VHN-61138date:2013-05-13T00:00:00
db:BIDid:59825date:2013-05-10T00:00:00
db:JVNDBid:JVNDB-2013-002629date:2013-05-14T00:00:00
db:CNNVDid:CNNVD-201305-229date:2022-03-21T00:00:00
db:NVDid:CVE-2013-1136date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-05401date:2013-05-16T00:00:00
db:VULHUBid:VHN-61138date:2013-05-13T00:00:00
db:BIDid:59825date:2013-05-10T00:00:00
db:JVNDBid:JVNDB-2013-002629date:2013-05-14T00:00:00
db:CNNVDid:CNNVD-201305-229date:2013-05-16T00:00:00
db:NVDid:CVE-2013-1136date:2013-05-13T11:50:48.467