Sign-up

ID

VAR-201311-0301


CVE

CVE-2013-5561


TITLE

Cisco ASA CX Remote Safe Search Policy Security Bypass Vulnerability

Trust: 0.9

sources: BID: 63492 // CNNVD: CNNVD-201311-028

DESCRIPTION

The Safe Search enforcement feature in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended policy restrictions via unspecified vectors, aka Bug ID CSCui94622. Vendors have confirmed this vulnerability Bug ID CSCui94622 It is released as.Third parties may be able to bypass policy restrictions. Cisco ASA CX is prone to a remote security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The vulnerability is caused by the program not performing filtering operations correctly

Trust: 1.98

sources: NVD: CVE-2013-5561 // JVNDB: JVNDB-2013-005011 // BID: 63492 // VULHUB: VHN-65563

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance cx context-aware security softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:adaptive security appliancescope:eqversion:(asa)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:lteversion:(cx context-aware security) 9.0.2-68

Trust: 0.8

sources: JVNDB: JVNDB-2013-005011 // CNNVD: CNNVD-201311-028 // NVD: CVE-2013-5561

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5561
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5561
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201311-028
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65563
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5561
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65563
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65563 // JVNDB: JVNDB-2013-005011 // CNNVD: CNNVD-201311-028 // NVD: CVE-2013-5561

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-65563 // JVNDB: JVNDB-2013-005011 // NVD: CVE-2013-5561

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-028

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201311-028

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005011

PATCH
title:Cisco ASA CX Safe Search Policy Bypass Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5561
Trust: 0.8
title:31607url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31607
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005011

EXTERNAL IDS
db:NVDid:CVE-2013-5561
Trust: 2.8
db:JVNDBid:JVNDB-2013-005011
Trust: 0.8
db:CNNVDid:CNNVD-201311-028
Trust: 0.7
db:CISCOid:20131101 CISCO ASA CX SAFE SEARCH POLICY BYPASS VULNERABILITY
Trust: 0.6
db:BIDid:63492
Trust: 0.4
db:VULHUBid:VHN-65563
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65563 // 
            
            
            
            BID: 63492 // 
            
            
            
            JVNDB: JVNDB-2013-005011 // 
            
            
            
            CNNVD: CNNVD-201311-028 // 
            
            
            
            NVD: CVE-2013-5561

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5561
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5561
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5561
Trust: 0.8
url:www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65563 // 
            
            
            
            BID: 63492 // 
            
            
            
            JVNDB: JVNDB-2013-005011 // 
            
            
            
            CNNVD: CNNVD-201311-028 // 
            
            
            
            NVD: CVE-2013-5561

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 63492

SOURCES
db:VULHUBid:VHN-65563
db:BIDid:63492
db:JVNDBid:JVNDB-2013-005011
db:CNNVDid:CNNVD-201311-028
db:NVDid:CVE-2013-5561

LAST UPDATE DATE
2025-04-11T22:59:03.623000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65563date:2013-11-15T00:00:00
db:BIDid:63492date:2013-11-06T00:22:00
db:JVNDBid:JVNDB-2013-005011date:2013-11-06T00:00:00
db:CNNVDid:CNNVD-201311-028date:2013-11-05T00:00:00
db:NVDid:CVE-2013-5561date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-65563date:2013-11-04T00:00:00
db:BIDid:63492date:2013-11-01T00:00:00
db:JVNDBid:JVNDB-2013-005011date:2013-11-06T00:00:00
db:CNNVDid:CNNVD-201311-028date:2013-11-05T00:00:00
db:NVDid:CVE-2013-5561date:2013-11-04T16:55:05.170