Details of VAR-201311-0294

ID

VAR-201311-0294

CVE

CVE-2013-5553

TITLE

Cisco IOS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-005050

DESCRIPTION

Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The vulnerability is due to improper handling of specially crafted SIP messages. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected system to reload, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuc42558. The following releases are affected: Cisco IOS 15.1(4)GC, 15.1(4)GC1, 15.1(4)M4, 15.1(4)M5, 15.1(4)M6

Trust: 2.52

sources: NVD: CVE-2013-5553 // JVNDB: JVNDB-2013-005050 // CNVD: CNVD-2013-14350 // BID: 63553 // VULHUB: VHN-65555

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-14350

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 1.6
vendor:	cisco	model:	ios 15.1 m4	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios	scope:	eq	version:	15.1(4)gc	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.1(4)gc1	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.1(4)m4	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.1(4)m5	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.1(4)m6	Trust: 0.8
vendor:	cisco	model:	ios 15.1 gc	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 gc1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 m5	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 m6	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2013-14350 // BID: 63553 // JVNDB: JVNDB-2013-005050 // CNNVD: CNNVD-201311-097 // NVD: CVE-2013-5553

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5553
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5553
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-14350
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201311-097
value:	HIGH
Trust: 0.6
VULHUB:	VHN-65555
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5553
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-14350
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65555
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-14350 // VULHUB: VHN-65555 // JVNDB: JVNDB-2013-005050 // CNNVD: CNNVD-201311-097 // NVD: CVE-2013-5553

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-65555 // JVNDB: JVNDB-2013-005050 // NVD: CVE-2013-5553

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-097

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201311-097

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005050

PATCH

title:	31516	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=31516	Trust: 0.8
title:	cisco-sa-20131106-sip	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-sip	Trust: 0.8
title:	31562	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31562	Trust: 0.8
title:	cisco-sa-20131106-sip	url:	http://www.cisco.com/cisco/web/support/JP/112/1120/1120849_cisco-sa-20131106-sip-j.html	Trust: 0.8
title:	Patch for Cisco IOS SIP Remote Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/40983	Trust: 0.6

sources: CNVD: CNVD-2013-14350 // JVNDB: JVNDB-2013-005050

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5553	Trust: 3.4
db:	BID	id:	63553	Trust: 1.6
db:	JVNDB	id:	JVNDB-2013-005050	Trust: 0.8
db:	CNNVD	id:	CNNVD-201311-097	Trust: 0.7
db:	CNVD	id:	CNVD-2013-14350	Trust: 0.6
db:	NSFOCUS	id:	25242	Trust: 0.6
db:	CISCO	id:	20131106 CISCO IOS SOFTWARE SESSION INITIATION PROTOCOL DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-65555	Trust: 0.1

sources: CNVD: CNVD-2013-14350 // VULHUB: VHN-65555 // BID: 63553 // JVNDB: JVNDB-2013-005050 // CNNVD: CNNVD-201311-097 // NVD: CVE-2013-5553

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131106-sip	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5553	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5553	Trust: 0.8
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=31562	Trust: 0.6
url:	http://www.securityfocus.com/bid/63553	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/25242	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131106-sip#@id	Trust: 0.3

sources: CNVD: CNVD-2013-14350 // VULHUB: VHN-65555 // BID: 63553 // JVNDB: JVNDB-2013-005050 // CNNVD: CNNVD-201311-097 // NVD: CVE-2013-5553

CREDITS

Cisco

Trust: 0.9

sources: BID: 63553 // CNNVD: CNNVD-201311-097

SOURCES

db:	CNVD	id:	CNVD-2013-14350
db:	VULHUB	id:	VHN-65555
db:	BID	id:	63553
db:	JVNDB	id:	JVNDB-2013-005050
db:	CNNVD	id:	CNNVD-201311-097
db:	NVD	id:	CVE-2013-5553

LAST UPDATE DATE

2025-04-11T23:04:03.734000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-14350	date:	2013-11-11T00:00:00
db:	VULHUB	id:	VHN-65555	date:	2013-11-08T00:00:00
db:	BID	id:	63553	date:	2013-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2013-005050	date:	2013-11-11T00:00:00
db:	CNNVD	id:	CNNVD-201311-097	date:	2013-11-08T00:00:00
db:	NVD	id:	CVE-2013-5553	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-14350	date:	2013-11-11T00:00:00
db:	VULHUB	id:	VHN-65555	date:	2013-11-08T00:00:00
db:	BID	id:	63553	date:	2013-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2013-005050	date:	2013-11-11T00:00:00
db:	CNNVD	id:	CNNVD-201311-097	date:	2013-11-08T00:00:00
db:	NVD	id:	CVE-2013-5553	date:	2013-11-08T04:47:23.010