Sign-up

ID

VAR-201307-0223


CVE

CVE-2013-3436


TITLE

Cisco IOS of GET VPN Vulnerability that bypasses the encryption policy in the default settings of features

Trust: 0.8

sources: JVNDB: JVNDB-2013-003464

DESCRIPTION

The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698. Vendors have confirmed this vulnerability Bug ID CSCui07698 It is released as.By a third party UDP port 848 Could bypass the encryption policy. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS is prone to a security-bypass vulnerability. Exploiting this issue could allow an attacker to bypass certain security restrictions and perform unauthorized actions on the affected device. This issue is being tracked by Cisco Bug ID CSCui07698. This solution is mainly used to encrypt data transmitted over a wide area network

Trust: 2.52

sources: NVD: CVE-2013-3436 // JVNDB: JVNDB-2013-003464 // CNVD: CNVD-2013-10446 // BID: 61362 // VULHUB: VHN-63438

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-10446

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:iosscope: - version: -

Trust: 1.4

vendor:ciscomodel:iosscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2013-10446 // BID: 61362 // JVNDB: JVNDB-2013-003464 // CNNVD: CNNVD-201307-429 // NVD: CVE-2013-3436

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3436
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3436
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-10446
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201307-429
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63438
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3436
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-10446
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-63438
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-10446 // VULHUB: VHN-63438 // JVNDB: JVNDB-2013-003464 // CNNVD: CNNVD-201307-429 // NVD: CVE-2013-3436

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-63438 // JVNDB: JVNDB-2013-003464 // NVD: CVE-2013-3436

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-429

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201307-429

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003464

PATCH
title:Cisco IOS GET VPN Encryption Policy Bypass Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3436
Trust: 0.8
title:30140url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30140
Trust: 0.8
title:Cisco IOS GET VPN Encryption Policy security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/36427
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-10446 // 
            
            
            
            JVNDB: JVNDB-2013-003464

EXTERNAL IDS
db:NVDid:CVE-2013-3436
Trust: 3.4
db:BIDid:61362
Trust: 2.0
db:SECTRACKid:1028810
Trust: 1.1
db:OSVDBid:95460
Trust: 1.1
db:JVNDBid:JVNDB-2013-003464
Trust: 0.8
db:CNNVDid:CNNVD-201307-429
Trust: 0.7
db:CNVDid:CNVD-2013-10446
Trust: 0.6
db:CISCOid:20130718 CISCO IOS GET VPN ENCRYPTION POLICY BYPASS VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-63438
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-10446 // 
            
            
            
            VULHUB: VHN-63438 // 
            
            
            
            BID: 61362 // 
            
            
            
            JVNDB: JVNDB-2013-003464 // 
            
            
            
            CNNVD: CNNVD-201307-429 // 
            
            
            
            NVD: CVE-2013-3436

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3436
Trust: 2.3
url:http://www.securityfocus.com/bid/61362
Trust: 1.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=30140
Trust: 1.1
url:http://osvdb.org/95460
Trust: 1.1
url:http://www.securitytracker.com/id/1028810
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/85868
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3436
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3436
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-10446 // 
            
            
            
            VULHUB: VHN-63438 // 
            
            
            
            BID: 61362 // 
            
            
            
            JVNDB: JVNDB-2013-003464 // 
            
            
            
            CNNVD: CNNVD-201307-429 // 
            
            
            
            NVD: CVE-2013-3436

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 61362

SOURCES
db:CNVDid:CNVD-2013-10446
db:VULHUBid:VHN-63438
db:BIDid:61362
db:JVNDBid:JVNDB-2013-003464
db:CNNVDid:CNNVD-201307-429
db:NVDid:CVE-2013-3436

LAST UPDATE DATE
2025-04-11T23:20:35.346000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-10446date:2013-07-23T00:00:00
db:VULHUBid:VHN-63438date:2017-11-29T00:00:00
db:BIDid:61362date:2013-07-18T00:00:00
db:JVNDBid:JVNDB-2013-003464date:2013-07-22T00:00:00
db:CNNVDid:CNNVD-201307-429date:2013-07-29T00:00:00
db:NVDid:CVE-2013-3436date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-10446date:2013-07-23T00:00:00
db:VULHUBid:VHN-63438date:2013-07-19T00:00:00
db:BIDid:61362date:2013-07-18T00:00:00
db:JVNDBid:JVNDB-2013-003464date:2013-07-22T00:00:00
db:CNNVDid:CNNVD-201307-429date:2013-07-22T00:00:00
db:NVDid:CVE-2013-3436date:2013-07-19T14:36:13.367