cvelistv5 - cve-2013-5480

CVE-2013-5480 (GCVE-0-2013-5480)

Vulnerability from cvelistv5

Published

2013-09-27 10:00

Modified

2024-09-16 21:03

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-9662-9hfv-c3vr

Vulnerability from github

Published

2022-05-17 05:03

Modified

2022-05-17 05:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-5480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-09-27T10:08:00Z",
    "severity": "HIGH"
  },
  "details": "The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.",
  "id": "GHSA-9662-9hfv-c3vr",
  "modified": "2022-05-17T05:03:06Z",
  "published": "2022-05-17T05:03:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5480"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2013-5480

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-5480

Aliases

CVE-2013-5480

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-5480",
    "description": "The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.",
    "id": "GSD-2013-5480"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-5480"
      ],
      "details": "The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.",
      "id": "GSD-2013-5480",
      "modified": "2023-12-13T01:22:22.113896Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2013-5480",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20130925 Cisco IOS Software Network Address Translation Vulnerabilities",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:15.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5480"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130925 Cisco IOS Software Network Address Translation Vulnerabilities",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-10-07T20:16Z",
      "publishedDate": "2013-09-27T10:08Z"
    }
  }
}

CERTA-2013-AVI-544

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Cisco IOS. Elles permettent à un attaquant de provoquer un déni de service à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Cisco	IOS XE	Cisco IOS XE
	Cisco	IOS	Cisco IOS

References

Title

Publication Time

The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A security vulnerability exists in Cisco IOS Software that unauthenticated remote attackers can exploit vulnerabilities to overload devices. The vulnerability is caused by incorrectly processing DNS packets that need to be translated through the NAT boundary. The attacker uses the vulnerability to continuously send certain DNS packets to the target device. When a malicious packet is processed, an unknown error can cause the device to reset. Denial of service attack. The following devices are affected by this vulnerability: Cisco IOS 15.1 GC 15.1(4)GC, 15.1(4)GC1 | 15.1M 15.1(4)M, 15.1(4)M0a, 15.1(4)M0b, 15.1(4)M1, 15.1( 4) M2, 15.1(4)M3, 15.1(4)M3a, 15.1(4)M4, 15.1(4)M5, 15.1(4)M6 | 15.1T 15.1(3)T, 15.1(3)T1, 15.1( 3) T2, 15.1(3)T3, 15.1(3)T4 | 15.1XB 15.1(4)XB4, 15.1(4)XB5, 15.1(4)XB5a, 15.1(4)XB6, 15.1(4)XB7, 15.1( 4) XB8a | 15.2GC 15.2(1)GC, 15.2(1)GC1, 15.2(1)GC2, 15.2(2)GC, 15.2(3)GC, 15.2(3)GC1 | 15.2GCA 15.2(3)GCA | 15.2JA 15.2(2)JA, 15.2(2)JA1, 15.2(4)JA | 15.2JAX 15.2(2)JAX | 15.2JB 15.2(2)JB, 15.2(2)JB1 | 15.2M 15.2(4)M, 15.2(4)M1, 15.2(4)M2, 15.2(4)M3 | 15.2T 15.2(1)T, 15.2(1)T1, 15.2(1)T2, 15.2(1)T3, 15.2(1)T3a, 15.2(1)T4, 15.2(2)T, 15.2(2)T1, 15.2(2)T2, 15.2(2)T3, 15.2(3)T, 15.2(3)T1, 15.2(3)T2, 15.2( 3) T3 | 15.2XA 15.2(3)XA | 15.2XB 15.2(4)XB10 | 15.3T 15.3(1)T, 15.3(1)T1, 15.3(2)T. Exploiting this issue may allow remote attackers to trigger denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuf28733. Vulnerabilities exist in the following versions: Cisco IOS Release 12.2, Releases 15.0 through 15.3

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201309-0448",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "12.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "15.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "15.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "15.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "15.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "15.0 to  15.3"
      },
      {
        "model": "ios",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.2t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.2gc",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.2 t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.2 t1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.2 t2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1gc",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1 m4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1 m3a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1 m3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1 m2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1 m1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1 t3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1 t2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1 t1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1 t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-13328"
      },
      {
        "db": "BID",
        "id": "62637"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-479"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5480"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:cisco:ios",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004345"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "62637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-479"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-5480",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-5480",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-13328",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-65482",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-5480",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-5480",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-13328",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201309-479",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65482",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-13328"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65482"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-479"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5480"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A security vulnerability exists in Cisco IOS Software that unauthenticated remote attackers can exploit vulnerabilities to overload devices. The vulnerability is caused by incorrectly processing DNS packets that need to be translated through the NAT boundary. The attacker uses the vulnerability to continuously send certain DNS packets to the target device. When a malicious packet is processed, an unknown error can cause the device to reset. Denial of service attack. The following devices are affected by this vulnerability: Cisco IOS 15.1 GC 15.1(4)GC, 15.1(4)GC1 | 15.1M 15.1(4)M, 15.1(4)M0a, 15.1(4)M0b, 15.1(4)M1, 15.1( 4) M2, 15.1(4)M3, 15.1(4)M3a, 15.1(4)M4, 15.1(4)M5, 15.1(4)M6 | 15.1T 15.1(3)T, 15.1(3)T1, 15.1( 3) T2, 15.1(3)T3, 15.1(3)T4 | 15.1XB 15.1(4)XB4, 15.1(4)XB5, 15.1(4)XB5a, 15.1(4)XB6, 15.1(4)XB7, 15.1( 4) XB8a | 15.2GC 15.2(1)GC, 15.2(1)GC1, 15.2(1)GC2, 15.2(2)GC, 15.2(3)GC, 15.2(3)GC1 | 15.2GCA 15.2(3)GCA | 15.2JA 15.2(2)JA, 15.2(2)JA1, 15.2(4)JA | 15.2JAX 15.2(2)JAX | 15.2JB 15.2(2)JB, 15.2(2)JB1 | 15.2M 15.2(4)M, 15.2(4)M1, 15.2(4)M2, 15.2(4)M3 | 15.2T 15.2(1)T, 15.2(1)T1, 15.2(1)T2, 15.2(1)T3, 15.2(1)T3a, 15.2(1)T4, 15.2(2)T, 15.2(2)T1, 15.2(2)T2, 15.2(2)T3, 15.2(3)T, 15.2(3)T1, 15.2(3)T2, 15.2( 3) T3 | 15.2XA 15.2(3)XA | 15.2XB 15.2(4)XB10 | 15.3T 15.3(1)T, 15.3(1)T1, 15.3(2)T. \nExploiting this issue may allow remote attackers to trigger denial-of-service conditions. \nThis issue is being tracked by Cisco Bug ID CSCuf28733. Vulnerabilities exist in the following versions: Cisco IOS Release 12.2, Releases 15.0 through 15.3",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5480"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004345"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-13328"
      },
      {
        "db": "BID",
        "id": "62637"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65482"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5480",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "62637",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004345",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-479",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-13328",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20130925 CISCO IOS SOFTWARE NETWORK ADDRESS TRANSLATION VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-65482",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-13328"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65482"
      },
      {
        "db": "BID",
        "id": "62637"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-479"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5480"
      }
    ]
  },
  "id": "VAR-201309-0448",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-13328"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65482"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-13328"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:31:23.084000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20130925-nat",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat"
      },
      {
        "title": "30703",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30703"
      },
      {
        "title": "cisco-sa-20130925-nat",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/JP/111/1119/1119887_cisco-sa-20130925-nat-j.html"
      },
      {
        "title": "Patch for Cisco IOS Network Address Translation Remote Denial of Service Vulnerability (CNVD-2013-13328)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/39878"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-13328"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004345"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65482"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004345"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5480"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130925-nat"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5480"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5480"
      },
      {
        "trust": 0.6,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30703"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/62637"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-13328"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65482"
      },
      {
        "db": "BID",
        "id": "62637"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-479"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5480"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-13328"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65482"
      },
      {
        "db": "BID",
        "id": "62637"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-479"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5480"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-13328"
      },
      {
        "date": "2013-09-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65482"
      },
      {
        "date": "2013-09-25T00:00:00",
        "db": "BID",
        "id": "62637"
      },
      {
        "date": "2013-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004345"
      },
      {
        "date": "2013-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201309-479"
      },
      {
        "date": "2013-09-27T10:08:04.337000",
        "db": "NVD",
        "id": "CVE-2013-5480"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-13328"
      },
      {
        "date": "2013-10-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65482"
      },
      {
        "date": "2015-03-19T09:36:00",
        "db": "BID",
        "id": "62637"
      },
      {
        "date": "2013-10-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004345"
      },
      {
        "date": "2013-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201309-479"
      },
      {
        "date": "2024-11-21T01:57:33.657000",
        "db": "NVD",
        "id": "CVE-2013-5480"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-479"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS of  DNS-over-TCP Service disruption in implementations  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004345"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-479"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2013-5480

Vulnerability from fkie_nvd

Published

2013-09-27 10:08

Modified

2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios	12.2
cisco	ios	15.0
cisco	ios	15.1
cisco	ios	15.2
cisco	ios	15.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF87CC9A-1AF5-4DB4-ACE5-DB938D3B2F84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB41294E-F3DF-4F1E-A4C8-E90B21A88836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2AB6A02-B7C7-48D1-8857-BD1CDF9A40D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B870F917-9F35-41AE-8CCA-D8574189C7EC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n DNS sobre TCP en Cisco IOS 12.2 y 15.0 hasta 15.3, cuando se utiliza NAT, permite a un atacante remoto causar una denegaci\u00f3n de servicio (recarga del dispositivo) a trav\u00e9s de un stream IPv4 DNS TCP manipulado, tambien conocido como  Bug ID CSCuf28733."
    }
  ],
  "id": "CVE-2013-5480",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-27T10:08:04.337",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-5480 (GCVE-0-2013-5480)

Vulnerability from cvelistv5

ghsa-9662-9hfv-c3vr

Vulnerability from github

gsd-2013-5480

Vulnerability from gsd

CERTA-2013-AVI-544

Vulnerability from certfr_avis

Solution

var-201309-0448

Vulnerability from variot

fkie_cve-2013-5480

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature