cvelistv5 - cve-2013-1146

CVE-2013-1146 (GCVE-0-2013-1146)

Vulnerability from cvelistv5

Published

2013-03-28 23:00

Modified

2024-09-17 01:26

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-j6vf-c5c5-5r47

Vulnerability from github

Published

2022-05-17 05:12

Modified

2022-05-17 05:12

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-1146"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-03-28T23:55:00Z",
    "severity": "HIGH"
  },
  "details": "The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790.",
  "id": "GHSA-j6vf-c5c5-5r47",
  "modified": "2022-05-17T05:12:30Z",
  "published": "2022-05-17T05:12:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1146"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2013-1146

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-1146

Aliases

CVE-2013-1146

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-1146",
    "description": "The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790.",
    "id": "GSD-2013-1146"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-1146"
      ],
      "details": "The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790.",
      "id": "GSD-2013-1146",
      "modified": "2023-12-13T01:22:20.610321Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2013-1146",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20130327 Cisco IOS Software Smart Install Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:15.0\\(1\\)se:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:15.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1146"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130327 Cisco IOS Software Smart Install Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-03-29T15:09Z",
      "publishedDate": "2013-03-28T23:55Z"
    }
  }
}

fkie_cve-2013-1146

Vulnerability from fkie_nvd

Published

2013-03-28 23:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios	12.2
cisco	ios	15.0
cisco	ios	15.0\(1\)se
cisco	ios	15.1
cisco	ios	15.2
cisco	ios	15.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF87CC9A-1AF5-4DB4-ACE5-DB938D3B2F84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.0\\(1\\)se:*:*:*:*:*:*:*",
              "matchCriteriaId": "971AAF00-63AA-4B3F-8E0F-B8FBD011C071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB41294E-F3DF-4F1E-A4C8-E90B21A88836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2AB6A02-B7C7-48D1-8857-BD1CDF9A40D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B870F917-9F35-41AE-8CCA-D8574189C7EC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790."
    },
    {
      "lang": "es",
      "value": "La funcionalidad Smart Install del cliente  de Cisco IOS v12.2 y v15.0 hasta v15.3 en los switches Catalyst permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de una lista de par\u00e1metros imagen en los paquetes de Smart Install, conocido como ID de error alias CSCub55790."
    }
  ],
  "id": "CVE-2013-1146",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-03-28T23:55:01.610",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2013-AVI-205

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Cisco IOS. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Cisco	IOS XE	Cisco IOS XE
	Cisco	IOS	Cisco IOS

References

Title

Publication Time

The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco IOS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Smart Install client. A specially crafted packet can be sent to the SMI IBC server to instruct it to download the IOS config file and IOS image file(s). The attacker can specify a user account with highest access in the config file, allowing them to take complete control of the switch. An attacker can exploit this issue to cause an affected device to reload or become unresponsive, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCub55790. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201303-0393",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "12.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "15.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "15.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "15.0\\(1\\)se"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "15.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "15.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "15.0 to  15.3"
      },
      {
        "model": "ios",
        "scope": null,
        "trust": 0.7,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.2gc",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1gc",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.0se",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2ez",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2ey",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2ex",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.2s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 ex",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-056"
      },
      {
        "db": "BID",
        "id": "58746"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002084"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-561"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1146"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:cisco:ios",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002084"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "csico",
    "sources": [
      {
        "db": "BID",
        "id": "58746"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-561"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-1146",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-1146",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-1146",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-61148",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-1146",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-1146",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2013-1146",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201303-561",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-61148",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-056"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002084"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-561"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1146"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco IOS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Smart Install client. A specially crafted packet can be sent to the SMI IBC server to instruct it to download the IOS config file and IOS image file(s). The attacker can specify a user account with highest access in the config file, allowing them to take complete control of the switch. \nAn attacker can exploit this issue to cause an affected device to reload or become unresponsive, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCub55790. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-1146"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002084"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-056"
      },
      {
        "db": "BID",
        "id": "58746"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61148"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-1146",
        "trust": 3.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-056",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "58746",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002084",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1568",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-561",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20130327 CISCO IOS SOFTWARE SMART INSTALL DENIAL OF SERVICE VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "52777",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-61148",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-056"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61148"
      },
      {
        "db": "BID",
        "id": "58746"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002084"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-561"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1146"
      }
    ]
  },
  "id": "VAR-201303-0393",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61148"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:02:28.392000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20130327-smartinstall",
        "trust": 1.5,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall"
      },
      {
        "title": "Cisco IOS Software Smart Install Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1146"
      },
      {
        "title": "28648",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28648"
      },
      {
        "title": "cisco-sa-20130327-smartinstall",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/JP/111/1117/1117673_cisco-sa-20130327-smartinstall-j.html"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-056"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002084"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002084"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1146"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130327-smartinstall"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1146"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1146"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/52777"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/58746"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-13-056/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-056"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61148"
      },
      {
        "db": "BID",
        "id": "58746"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002084"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-561"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1146"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-13-056"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61148"
      },
      {
        "db": "BID",
        "id": "58746"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002084"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-561"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1146"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-04-09T00:00:00",
        "db": "ZDI",
        "id": "ZDI-13-056"
      },
      {
        "date": "2013-03-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61148"
      },
      {
        "date": "2013-03-27T00:00:00",
        "db": "BID",
        "id": "58746"
      },
      {
        "date": "2013-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002084"
      },
      {
        "date": "2013-03-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201303-561"
      },
      {
        "date": "2013-03-28T23:55:01.610000",
        "db": "NVD",
        "id": "CVE-2013-1146"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-04-09T00:00:00",
        "db": "ZDI",
        "id": "ZDI-13-056"
      },
      {
        "date": "2013-03-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61148"
      },
      {
        "date": "2013-04-09T17:38:00",
        "db": "BID",
        "id": "58746"
      },
      {
        "date": "2013-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002084"
      },
      {
        "date": "2013-03-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201303-561"
      },
      {
        "date": "2024-11-21T01:48:59.463000",
        "db": "NVD",
        "id": "CVE-2013-1146"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-561"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS of  Smart Install Service operation interruption in client function  ( Device reload ) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002084"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-561"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-1146 (GCVE-0-2013-1146)

Vulnerability from cvelistv5

ghsa-j6vf-c5c5-5r47

Vulnerability from github

gsd-2013-1146

Vulnerability from gsd

fkie_cve-2013-1146

Vulnerability from fkie_nvd

CERTA-2013-AVI-205

Vulnerability from certfr_avis

Solution

var-201303-0393

Vulnerability from variot

Tags

Sightings

Nomenclature