Sign-up

ID

VAR-201308-0305


CVE

CVE-2013-5469


TITLE

Cisco IOS of TCP Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-003948

DESCRIPTION

The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN packets, aka Bug ID CSCtz14399. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This vulnerability stems from an error closing an established TCP connection. Cisco IOS is prone to a remote denial-of-service vulnerability. Exploiting this issue may allow remote attackers to trigger denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCtz14399

Trust: 2.52

sources: NVD: CVE-2013-5469 // JVNDB: JVNDB-2013-003948 // CNVD: CNVD-2013-12741 // BID: 62083 // VULHUB: VHN-65471

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-12741

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:ios 15.1 sscope: - version: -

Trust: 0.9

vendor:ciscomodel:iosscope:lteversion:15.3(3)s6

Trust: 0.8

vendor:ciscomodel:iosscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 15.1 s2scope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 15.1sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1 s1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2sxjscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2 sxj2scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2 sxj1scope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2013-12741 // BID: 62083 // JVNDB: JVNDB-2013-003948 // CNNVD: CNNVD-201308-481 // NVD: CVE-2013-5469

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5469
value: HIGH

Trust: 1.0

NVD: CVE-2013-5469
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-12741
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201308-481
value: HIGH

Trust: 0.6

VULHUB: VHN-65471
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-5469
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-12741
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-65471
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-12741 // VULHUB: VHN-65471 // JVNDB: JVNDB-2013-003948 // CNNVD: CNNVD-201308-481 // NVD: CVE-2013-5469

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-65471 // JVNDB: JVNDB-2013-003948 // NVD: CVE-2013-5469

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-481

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201308-481

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003948

PATCH
title:Cisco IOS Software TCP ACK Storm Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5469
Trust: 0.8
title:30619url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30619
Trust: 0.8
title:Patch for Cisco IOS 'ESTABLISHED' Remote Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/39270
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-12741 // 
            
            
            
            JVNDB: JVNDB-2013-003948

EXTERNAL IDS
db:NVDid:CVE-2013-5469
Trust: 3.4
db:BIDid:62083
Trust: 2.0
db:OSVDBid:96764
Trust: 1.1
db:SECTRACKid:1028969
Trust: 1.1
db:JVNDBid:JVNDB-2013-003948
Trust: 0.8
db:CNNVDid:CNNVD-201308-481
Trust: 0.7
db:CNVDid:CNVD-2013-12741
Trust: 0.6
db:CISCOid:20130830 CISCO IOS SOFTWARE TCP ACK STORM VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-65471
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-12741 // 
            
            
            
            VULHUB: VHN-65471 // 
            
            
            
            BID: 62083 // 
            
            
            
            JVNDB: JVNDB-2013-003948 // 
            
            
            
            CNNVD: CNNVD-201308-481 // 
            
            
            
            NVD: CVE-2013-5469

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5469
Trust: 2.3
url:http://www.securityfocus.com/bid/62083
Trust: 1.1
url:http://osvdb.org/96764
Trust: 1.1
url:http://www.securitytracker.com/id/1028969
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/86794
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5469
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5469
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-12741 // 
            
            
            
            VULHUB: VHN-65471 // 
            
            
            
            BID: 62083 // 
            
            
            
            JVNDB: JVNDB-2013-003948 // 
            
            
            
            CNNVD: CNNVD-201308-481 // 
            
            
            
            NVD: CVE-2013-5469

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62083

SOURCES
db:CNVDid:CNVD-2013-12741
db:VULHUBid:VHN-65471
db:BIDid:62083
db:JVNDBid:JVNDB-2013-003948
db:CNNVDid:CNNVD-201308-481
db:NVDid:CVE-2013-5469

LAST UPDATE DATE
2025-04-11T23:07:16.236000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-12741date:2013-09-03T00:00:00
db:VULHUBid:VHN-65471date:2017-08-29T00:00:00
db:BIDid:62083date:2013-09-04T02:14:00
db:JVNDBid:JVNDB-2013-003948date:2013-09-04T00:00:00
db:CNNVDid:CNNVD-201308-481date:2013-09-16T00:00:00
db:NVDid:CVE-2013-5469date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-12741date:2013-09-03T00:00:00
db:VULHUBid:VHN-65471date:2013-08-30T00:00:00
db:BIDid:62083date:2013-08-30T00:00:00
db:JVNDBid:JVNDB-2013-003948date:2013-09-04T00:00:00
db:CNNVDid:CNNVD-201308-481date:2013-08-30T00:00:00
db:NVDid:CVE-2013-5469date:2013-08-30T20:55:08.737