Details of VAR-201401-0096

ID

VAR-201401-0096

CVE

CVE-2013-3594

TITLE

Dell PowerConnect 3348, 3524p, and 5324 switches are vulnerable to denial-of-service attacks

Trust: 0.8

sources: CERT/CC: VU#122582

DESCRIPTION

The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22. Dell PowerConnect 3348 version 1.2.1.3, PowerConnect 3524p version 2.0.0.48, PowerConnect 5324 version 2.0.1.4, and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability.Dell OpenManage web application version 2.5 Build No. 1.19 and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability.Dell GoAhead web server login page also contains a denial-of-service (CWE-20) vulnerability. Dell PowerConnect is a switch product developed by Dell. Dell Multiple PowerConnect Switches are prone to a remote code-execution vulnerability. Failed exploit attempts will result in a denial-of-service condition

Trust: 3.24

sources: NVD: CVE-2013-3594 // CERT/CC: VU#122582 // JVNDB: JVNDB-2014-001214 // CNVD: CNVD-2014-00467 // BID: 65070 // VULHUB: VHN-63596

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00467

AFFECTED PRODUCTS

vendor:	dell	model:	powerconnect 3524p	scope:	eq	version:	2.0.0.48	Trust: 2.2
vendor:	dell	model:	powerconnect 5324	scope:	eq	version:	2.0.1.4	Trust: 1.6
vendor:	dell	model:	powerconnect 3348	scope:	eq	version:	1.2.1.3	Trust: 1.6
vendor:	dell computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	dell	model:	powerconnect 3348	scope:	lte	version:	firmware 1.2.1.3	Trust: 0.8
vendor:	dell	model:	powerconnect 3524p	scope:	lte	version:	firmware 2.0.0.48	Trust: 0.8
vendor:	dell	model:	powerconnect 5324	scope:	lte	version:	firmware 2.0.1.4	Trust: 0.8
vendor:	dell	model:	powerconnect	scope:	eq	version:	33481.2.1.3	Trust: 0.6
vendor:	dell	model:	powerconnect	scope:	eq	version:	53242.0.1.4	Trust: 0.6

sources: CERT/CC: VU#122582 // CNVD: CNVD-2014-00467 // JVNDB: JVNDB-2014-001214 // CNNVD: CNNVD-201401-381 // NVD: CVE-2013-3594

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3594
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-3594
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-00467
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201401-381
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-63596
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-3594
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-00467
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-63596
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-00467 // VULHUB: VHN-63596 // JVNDB: JVNDB-2014-001214 // CNNVD: CNNVD-201401-381 // NVD: CVE-2013-3594

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 2.7

sources: CERT/CC: VU#122582 // VULHUB: VHN-63596 // JVNDB: JVNDB-2014-001214 // NVD: CVE-2013-3594

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-381

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201401-381

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001214

PATCH

title:	PowerConnect 3524P	url:	http://www.dell.com/support/drivers/us/en/04/Product/powerconnect-3524p	Trust: 0.8
title:	PowerConnect 5324	url:	http://www.dell.com/support/drivers/us/en/04/Product/powerconnect-5324	Trust: 0.8
title:	PowerConnect 3348	url:	http://www.dell.com/support/drivers/us/en/04/Product/powerconnect-3348	Trust: 0.8

sources: JVNDB: JVNDB-2014-001214

EXTERNAL IDS

db:	CERT/CC	id:	VU#122582	Trust: 3.9
db:	NVD	id:	CVE-2013-3594	Trust: 3.4
db:	JVN	id:	JVNVU95569358	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001214	Trust: 0.8
db:	CNVD	id:	CNVD-2014-00467	Trust: 0.6
db:	CNNVD	id:	CNNVD-201401-381	Trust: 0.6
db:	BID	id:	65070	Trust: 0.4
db:	VULHUB	id:	VHN-63596	Trust: 0.1

sources: CERT/CC: VU#122582 // CNVD: CNVD-2014-00467 // VULHUB: VHN-63596 // BID: 65070 // JVNDB: JVNDB-2014-001214 // CNNVD: CNNVD-201401-381 // NVD: CVE-2013-3594

REFERENCES

url:	http://www.kb.cert.org/vuls/id/122582	Trust: 3.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90595	Trust: 1.1
url:	http://cwe.mitre.org/data/definitions/20.html	Trust: 0.8
url:	http://www.dell.com/support/drivers/us/en/04/product/powerconnect-3348	Trust: 0.8
url:	http://www.dell.com/support/drivers/us/en/04/product/powerconnect-3524p	Trust: 0.8
url:	http://www.dell.com/support/drivers/us/en/04/product/powerconnect-5324	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3594	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu95569358	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3594	Trust: 0.8
url:	http://dell.com	Trust: 0.3

sources: CERT/CC: VU#122582 // CNVD: CNVD-2014-00467 // VULHUB: VHN-63596 // BID: 65070 // JVNDB: JVNDB-2014-001214 // CNNVD: CNNVD-201401-381 // NVD: CVE-2013-3594

CREDITS

Rijnard van Tonder

Trust: 0.3

sources: BID: 65070

SOURCES

db:	CERT/CC	id:	VU#122582
db:	CNVD	id:	CNVD-2014-00467
db:	VULHUB	id:	VHN-63596
db:	BID	id:	65070
db:	JVNDB	id:	JVNDB-2014-001214
db:	CNNVD	id:	CNNVD-201401-381
db:	NVD	id:	CVE-2013-3594

LAST UPDATE DATE

2025-04-11T22:48:24.480000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#122582	date:	2014-01-17T00:00:00
db:	CNVD	id:	CNVD-2014-00467	date:	2014-01-21T00:00:00
db:	VULHUB	id:	VHN-63596	date:	2017-08-29T00:00:00
db:	BID	id:	65070	date:	2014-01-22T19:35:00
db:	JVNDB	id:	JVNDB-2014-001214	date:	2014-01-22T00:00:00
db:	CNNVD	id:	CNNVD-201401-381	date:	2014-01-26T00:00:00
db:	NVD	id:	CVE-2013-3594	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#122582	date:	2014-01-17T00:00:00
db:	CNVD	id:	CNVD-2014-00467	date:	2014-01-21T00:00:00
db:	VULHUB	id:	VHN-63596	date:	2014-01-20T00:00:00
db:	BID	id:	65070	date:	2014-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2014-001214	date:	2014-01-22T00:00:00
db:	CNNVD	id:	CNNVD-201401-381	date:	2014-01-26T00:00:00
db:	NVD	id:	CVE-2013-3594	date:	2014-01-20T04:58:49.647