var-201303-0393
Vulnerability from variot
The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco IOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Smart Install client. A specially crafted packet can be sent to the SMI IBC server to instruct it to download the IOS config file and IOS image file(s). The attacker can specify a user account with the highest access level in the config file, allowing them to take complete control of the switch. An attacker can exploit this issue to cause an affected device to reload or become unresponsive, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCub55790. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. Note that this description is aggregated from several sources that differ on impact: the record's NVD CVSS v2 vector is AV:N/AC:L/Au:N/C:N/I:N/A:C (7.8, availability only), whereas its ZDI vector is AV:N/AC:L/Au:N/C:C/I:C/A:C (10.0, complete compromise of confidentiality, integrity and availability).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0393",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.0\\(1\\)se"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "15.0 to 15.3"
},
{
"model": "ios",
"scope": null,
"trust": 0.7,
"vendor": "cisco",
"version": null
},
{
"model": "ios 15.2gc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 15.1gc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 15.0se",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ez",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ey",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ex",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 15.2s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ex",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-056"
},
{
"db": "BID",
"id": "58746"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002084"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-561"
},
{
"db": "NVD",
"id": "CVE-2013-1146"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ios",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002084"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "csico",
"sources": [
{
"db": "BID",
"id": "58746"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-561"
}
],
"trust": 0.9
},
"cve": "CVE-2013-1146",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-1146",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-1146",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-61148",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-1146",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-1146",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2013-1146",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-561",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-61148",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-056"
},
{
"db": "VULHUB",
"id": "VHN-61148"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002084"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-561"
},
{
"db": "NVD",
"id": "CVE-2013-1146"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco IOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Smart Install client. A specially crafted packet can be sent to the SMI IBC server to instruct it to download the IOS config file and IOS image file(s). The attacker can specify a user account with highest access in the config file, allowing them to take complete control of the switch. \nAn attacker can exploit this issue to cause an affected device to reload or become unresponsive, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCub55790. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1146"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002084"
},
{
"db": "ZDI",
"id": "ZDI-13-056"
},
{
"db": "BID",
"id": "58746"
},
{
"db": "VULHUB",
"id": "VHN-61148"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-1146",
"trust": 3.5
},
{
"db": "ZDI",
"id": "ZDI-13-056",
"trust": 1.0
},
{
"db": "BID",
"id": "58746",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002084",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1568",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201303-561",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20130327 CISCO IOS SOFTWARE SMART INSTALL DENIAL OF SERVICE VULNERABILITY",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "52777",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-61148",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-056"
},
{
"db": "VULHUB",
"id": "VHN-61148"
},
{
"db": "BID",
"id": "58746"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002084"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-561"
},
{
"db": "NVD",
"id": "CVE-2013-1146"
}
]
},
"id": "VAR-201303-0393",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-61148"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:02:28.392000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20130327-smartinstall",
"trust": 1.5,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall"
},
{
"title": "Cisco IOS Software Smart Install Denial of Service Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1146"
},
{
"title": "28648",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28648"
},
{
"title": "cisco-sa-20130327-smartinstall",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/111/1117/1117673_cisco-sa-20130327-smartinstall-j.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-056"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002084"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61148"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002084"
},
{
"db": "NVD",
"id": "CVE-2013-1146"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130327-smartinstall"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1146"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1146"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/52777"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/58746"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-13-056/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-056"
},
{
"db": "VULHUB",
"id": "VHN-61148"
},
{
"db": "BID",
"id": "58746"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002084"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-561"
},
{
"db": "NVD",
"id": "CVE-2013-1146"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-13-056"
},
{
"db": "VULHUB",
"id": "VHN-61148"
},
{
"db": "BID",
"id": "58746"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002084"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-561"
},
{
"db": "NVD",
"id": "CVE-2013-1146"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-09T00:00:00",
"db": "ZDI",
"id": "ZDI-13-056"
},
{
"date": "2013-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-61148"
},
{
"date": "2013-03-27T00:00:00",
"db": "BID",
"id": "58746"
},
{
"date": "2013-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002084"
},
{
"date": "2013-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-561"
},
{
"date": "2013-03-28T23:55:01.610000",
"db": "NVD",
"id": "CVE-2013-1146"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-09T00:00:00",
"db": "ZDI",
"id": "ZDI-13-056"
},
{
"date": "2013-03-29T00:00:00",
"db": "VULHUB",
"id": "VHN-61148"
},
{
"date": "2013-04-09T17:38:00",
"db": "BID",
"id": "58746"
},
{
"date": "2013-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002084"
},
{
"date": "2013-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-561"
},
{
"date": "2024-11-21T01:48:59.463000",
"db": "NVD",
"id": "CVE-2013-1146"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-561"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS of Smart Install Service operation interruption in client function ( Device reload ) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002084"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-561"
}
],
"trust": 0.6
}
}