CVE-2013-5488

Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=30749
http://www.securityfocus.com/bid/62333
https://exchange.xforce.ibmcloud.com/vulnerabilities/87026

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:prime_lan_management_solution:-:::::::*
	cpe:2.3:a:cisco:security_manager::::::::
	cpe:2.3:a:cisco:unified_operations_manager:-:::::::*
	cpe:2.3:a:cisco:unified_service_monitor:-:::::::*

History

No history.

Information

Published : 2013-09-12 13:28

Updated : 2023-12-10 11:16

NVD link : CVE-2013-5488

Mitre link : CVE-2013-5488

CVE.ORG link : CVE-2013-5488

JSON object : View

Products Affected

cisco

unified_service_monitor
security_manager
prime_lan_management_solution
unified_operations_manager

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2013-5488", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-09-12T13:28:32.207", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749", "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/62333", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."}, {"lang": "es", "value": "Cisco Common Services, utilizado en Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, y Cisco Unified Operations Manager, no interactua apropiadamente con el componente ActiveMQ, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento de memoria) a trav\u00e9s de sesiones TCP simult\u00e1neas, tambien conocidas como Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, y CSCuh95969."}], "lastModified": "2017-08-29T01:33:48.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E09BFF1-6273-4BC4-9DFA-563F490E2754"}, {"criteria": "cpe:2.3:a:cisco:security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AC03BFB-10FA-4276-930F-DB450E89DCD8"}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3F10FFA-58FA-45BC-BD2A-7C01D8D02315"}, {"criteria": "cpe:2.3:a:cisco:unified_service_monitor:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB2F9E15-8B14-4CBB-B997-0DB94E9A5624"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}