Details of VAR-201311-0293

ID

VAR-201311-0293

CVE

CVE-2013-5552

TITLE

Cisco IOS Content Services Gateway Security Bypass Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2013-14457 // BID: 63652

DESCRIPTION

Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The vulnerability is caused by the failure of the function to properly handle illegal messages. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and gain access to the sensitive information. This issue is being tracked by Cisco Bug ID CSCug90143. This solution provides functions such as statistical billing, billing records, and content filtering for data traffic

Trust: 2.52

sources: NVD: CVE-2013-5552 // JVNDB: JVNDB-2013-005105 // CNVD: CNVD-2013-14457 // BID: 63652 // VULHUB: VHN-65554

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-14457

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)mdb10	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)mdb12	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)md2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)mdb11	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)md1	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)md3	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)md4	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)mda10	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)mdb13	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)md	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)mda13	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)mda6	Trust: 1.0
vendor:	cisco	model:	ios	scope:	lte	version:	12.4\(24\)mdb14	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)md8	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)md5a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)mda7	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4mda12	Trust: 1.0
vendor:	cisco	model:	content services gateway	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)mda12	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)md5	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)md9	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)mda9	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)mda8	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)md6	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)md7	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)mda11	Trust: 1.0
vendor:	cisco	model:	ios	scope:	lte	version:	12.4(24)mdb9	Trust: 0.8
vendor:	cisco	model:	content services gateway	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)mdb14	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2013-14457 // BID: 63652 // JVNDB: JVNDB-2013-005105 // CNNVD: CNNVD-201311-144 // NVD: CVE-2013-5552

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5552
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5552
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-14457
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201311-144
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65554
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5552
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-14457
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65554
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-14457 // VULHUB: VHN-65554 // JVNDB: JVNDB-2013-005105 // CNNVD: CNNVD-201311-144 // NVD: CVE-2013-5552

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-65554 // JVNDB: JVNDB-2013-005105 // NVD: CVE-2013-5552

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-144

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201311-144

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005105

PATCH

title:	Cisco Content Services Gateway Traffic Bypass Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5552	Trust: 0.8
title:	31715	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31715	Trust: 0.8
title:	Cisco IOS Content Services Gateway Security Bypass Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/41073	Trust: 0.6

sources: CNVD: CNVD-2013-14457 // JVNDB: JVNDB-2013-005105

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5552	Trust: 3.4
db:	BID	id:	63652	Trust: 1.6
db:	JVNDB	id:	JVNDB-2013-005105	Trust: 0.8
db:	CNNVD	id:	CNNVD-201311-144	Trust: 0.7
db:	CNVD	id:	CNVD-2013-14457	Trust: 0.6
db:	CISCO	id:	20131111 CISCO CONTENT SERVICES GATEWAY TRAFFIC BYPASS VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-65554	Trust: 0.1

sources: CNVD: CNVD-2013-14457 // VULHUB: VHN-65554 // BID: 63652 // JVNDB: JVNDB-2013-005105 // CNNVD: CNNVD-201311-144 // NVD: CVE-2013-5552

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5552	Trust: 2.6
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=31715	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5552	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5552	Trust: 0.8
url:	http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscug90143	Trust: 0.6
url:	http://www.securityfocus.com/bid/63652	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3

sources: CNVD: CNVD-2013-14457 // VULHUB: VHN-65554 // BID: 63652 // JVNDB: JVNDB-2013-005105 // CNNVD: CNNVD-201311-144 // NVD: CVE-2013-5552

CREDITS

Cisco

Trust: 0.9

sources: BID: 63652 // CNNVD: CNNVD-201311-144

SOURCES

db:	CNVD	id:	CNVD-2013-14457
db:	VULHUB	id:	VHN-65554
db:	BID	id:	63652
db:	JVNDB	id:	JVNDB-2013-005105
db:	CNNVD	id:	CNNVD-201311-144
db:	NVD	id:	CVE-2013-5552

LAST UPDATE DATE

2025-04-11T22:55:50.496000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-14457	date:	2013-11-14T00:00:00
db:	VULHUB	id:	VHN-65554	date:	2013-11-14T00:00:00
db:	BID	id:	63652	date:	2013-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2013-005105	date:	2013-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201311-144	date:	2013-11-12T00:00:00
db:	NVD	id:	CVE-2013-5552	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-14457	date:	2013-11-14T00:00:00
db:	VULHUB	id:	VHN-65554	date:	2013-11-13T00:00:00
db:	BID	id:	63652	date:	2013-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2013-005105	date:	2013-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201311-144	date:	2013-11-12T00:00:00
db:	NVD	id:	CVE-2013-5552	date:	2013-11-13T15:55:03.767