Details of VAR-201309-0445

ID

VAR-201309-0445

CVE

CVE-2013-5477

TITLE

Cisco IOS of T1/E1 driver-queue Service disruption in functionality (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004342

DESCRIPTION

The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465. Cisco IOS of T1/E1 driver-queue Features include HDLC32 If you are using a driver, the service operation is interrupted. ( Interface queue wedge ) There are vulnerabilities that are put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. When the affected device handles burst communication, the packets queued by the Cisco IOS router or switch are not deleted from the queue, which can cause an interface queue attack. Repeated exploitation can lead to denial of service attacks. The following devices are affected by this vulnerability: Cisco IOS15.0(1)M1 Base | 15.0M 15.0(1)M, 15.0(1)M10, 15.0(1)M2, 15.0(1)M3, 15.0(1)M4, 15.0( 1) M5, 15.0(1)M6, 15.0(1)M6a, 15.0(1)M7, 15.0(1)M8, 15.0(1)M9 | 15.0XA 15.0(1)XA, 15.0(1)XA1, 15.0( 1) XA2, 15.0(1)XA3, 15.0(1)XA4, 15.0(1)XA5 | 15.1(2)T Base | 15.1GC 15.1(2)GC, 15.1(2)GC1, 15.1(2)GC2, 15.1 (4)GC, 15.1(4)GC1 | 15.1M 15.1(4)M, 15.1(4)M0a, 15.1(4)M0b, 15.1(4)M1, 15.1(4)M2, 15.1(4)M3, 15.1 (4) M3a, 15.1(4)M4, 15.1(4)M5, 15.1(4)M6 | 15.1T 15.1(1)T, 15.1(1)T1, 15.1(1)T2, 15.1(1)T3, 15.1 (1) T4, 15.1(1)T5, 15.1(2)T0a, 15.1(2)T1, 15.1(2)T2, 15.1(2)T2a, 15.1(2)T3, 15.1(2)T4, 15.1(2 ) T5, 15.1(3)T, 15.1(3)T1, 15.1(3)T2, 15.1(3)T3, 15.1(3)T4 | 15.1XB 15.1(1)XB, 15.1(1)XB1, 15.1(1 ) XB2, 15.1(1)XB3, 15.1(4)XB4, 15.1(4)XB5, 15.1(4)XB5a, 15.1(4)XB6, 15.1(4)XB7, 15.1(4)XB8a | 15.2GC 15.2(1 ) GC, 15.2(1)GC1, 15.2(1)GC2, 15.2(2)GC, 15.2(3)GC, 15.2(3)GC1 | 15.2GCA 15.2(3)GCA | 15.2JA 15.2(2)JA, 15.2 (2) JA1, 15.2(4)JA | 15.2JAX 15.2(2)JAX | 15.2JB 15.2(2)JB, 15.2(2)JB1 | 15.2M 1 5.2(4)M, 15.2(4)M1, 15.2(4)M2 | 15.2T 15.2(1)T, 15.2(1)T1, 15.2(1)T2, 15.2(1)T3, 15.2(1)T3a, 15.2(1)T4, 15.2(100)T, 15.2(2)T, 15.2(2)T1, 15.2(2)T2, 15.2(2)T3, 15.2(3)T, 15.2(3)T1, 15.2( 3) T2, 15.2(3)T3 | 15.2XA 15.2(3)XA | 15.2XB 15.2(4)XB10 | 15.3T 15.3(1)T, 15.3(1)T1. Cisco IOS is prone to a remote denial-of-service vulnerability. Exploiting this issue may allow remote attackers to trigger denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCub67465. Vulnerabilities exist in the following versions: Cisco IOS Release 12.2, Releases 15.0 through 15.3

Trust: 2.52

sources: NVD: CVE-2013-5477 // JVNDB: JVNDB-2013-004342 // CNVD: CNVD-2013-13330 // BID: 62645 // VULHUB: VHN-65479

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13330

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 2.4
vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0 to 15.3	Trust: 0.8
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2013-13330 // BID: 62645 // JVNDB: JVNDB-2013-004342 // CNNVD: CNNVD-201309-485 // NVD: CVE-2013-5477

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5477
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5477
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-13330
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201309-485
value:	HIGH
Trust: 0.6
VULHUB:	VHN-65479
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5477
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-13330
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65479
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-13330 // VULHUB: VHN-65479 // JVNDB: JVNDB-2013-004342 // CNNVD: CNNVD-201309-485 // NVD: CVE-2013-5477

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-65479 // JVNDB: JVNDB-2013-004342 // NVD: CVE-2013-5477

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-485

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201309-485

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004342

PATCH

title:	cisco-sa-20130925-wedge	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-wedge	Trust: 0.8
title:	30700	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30700	Trust: 0.8
title:	cisco-sa-20130925-wedge	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119890_cisco-sa-20130925-wedge-j.html	Trust: 0.8
title:	Cisco IOS Queue Inserts Patch for Remote Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/39848	Trust: 0.6

sources: CNVD: CNVD-2013-13330 // JVNDB: JVNDB-2013-004342

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5477	Trust: 3.4
db:	BID	id:	62645	Trust: 1.6
db:	JVNDB	id:	JVNDB-2013-004342	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-485	Trust: 0.7
db:	CNVD	id:	CNVD-2013-13330	Trust: 0.6
db:	CISCO	id:	20130925 CISCO IOS SOFTWARE QUEUE WEDGE DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-65479	Trust: 0.1

sources: CNVD: CNVD-2013-13330 // VULHUB: VHN-65479 // BID: 62645 // JVNDB: JVNDB-2013-004342 // CNNVD: CNNVD-201309-485 // NVD: CVE-2013-5477

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130925-wedge	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5477	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5477	Trust: 0.8
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=30700	Trust: 0.6
url:	http://www.securityfocus.com/bid/62645	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130925-wedge#software	Trust: 0.3

sources: CNVD: CNVD-2013-13330 // VULHUB: VHN-65479 // BID: 62645 // JVNDB: JVNDB-2013-004342 // CNNVD: CNNVD-201309-485 // NVD: CVE-2013-5477

CREDITS

Cisco

Trust: 0.9

sources: BID: 62645 // CNNVD: CNNVD-201309-485

SOURCES

db:	CNVD	id:	CNVD-2013-13330
db:	VULHUB	id:	VHN-65479
db:	BID	id:	62645
db:	JVNDB	id:	JVNDB-2013-004342
db:	CNNVD	id:	CNNVD-201309-485
db:	NVD	id:	CVE-2013-5477

LAST UPDATE DATE

2025-04-11T23:08:40.721000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13330	date:	2013-09-29T00:00:00
db:	VULHUB	id:	VHN-65479	date:	2013-10-07T00:00:00
db:	BID	id:	62645	date:	2013-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-004342	date:	2013-10-23T00:00:00
db:	CNNVD	id:	CNNVD-201309-485	date:	2013-09-27T00:00:00
db:	NVD	id:	CVE-2013-5477	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-13330	date:	2013-09-27T00:00:00
db:	VULHUB	id:	VHN-65479	date:	2013-09-27T00:00:00
db:	BID	id:	62645	date:	2013-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-004342	date:	2013-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201309-485	date:	2013-09-27T00:00:00
db:	NVD	id:	CVE-2013-5477	date:	2013-09-27T10:08:04.273