Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Adaptive Security Appliance Software and Firewall Services Module Software Time-Range Object Access List Bypass Vulnerability

Cisco-SA-20130422-CVE-2013-1195 · Medium · Published · Updated

A vulnerability in the implementation of the time-range object could allow an unauthenticated, remote attacker to bypass access lists that are using the time-range option. The vulnerability is due to improper implementation of the code for the time-range object, when the periodic command is used. Due to this issue, the time-range object may have no effect. Therefore, depending on the access-list statement (permit or deny), an attacker could bypass the access list. An attacker could exploit this vulnerability by sending traffic through the affected system. Cisco has confirmed the vulnerability in a security notice; however, software updates are not available. Customers are advised to review the bug reports in the vendor announcements section for a current list of affected versions. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Customers are advised to review the bug reports in the vendor announcements section for guidance on deploying a workaround to mitigate this vulnerability.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEsCVE-2013-1195
Cisco Bug IDsCSCuf79091, CSCug45850
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:W/RC:C
Product Names From Source
Cisco Firewall Services Module (FWSM), Cisco Adaptive Security Appliance (ASA) Software 8.4.1, Cisco Adaptive Security Appliance (ASA) Software 8.4.2, Cisco Adaptive Security Appliance (ASA) Software 8.4.1.3, Cisco Adaptive Security Appliance (ASA) Software 8.4.1.11, Cisco Adaptive Security Appliance (ASA) Software 8.4.2.8, Cisco Adaptive Security Appliance (ASA) Software 8.4.3, Cisco Adaptive Security Appliance (ASA) Software 8.4.3.8, Cisco Adaptive Security Appliance (ASA) Software 8.4.3.9, Cisco Adaptive Security Appliance (ASA) Software 8.4.4, Cisco Adaptive Security Appliance (ASA) Software 8.4.4.1, Cisco Adaptive Security Appliance (ASA) Software 8.4.4.3, Cisco Adaptive Security Appliance (ASA) Software 8.4.4.5, Cisco Adaptive Security Appliance (ASA) Software 8.4.4.9, Cisco Adaptive Security Appliance (ASA) Software 8.4.5, Cisco Adaptive Security Appliance (ASA) Software 8.4.5.6, Cisco Adaptive Security Appliance (ASA) Software 8.4.6, Cisco Adaptive Security Appliance (ASA) Software

Related Products

Product CVE Evidence
Cisco Firewall Services Module (FWSM) CVE-2013-1195 Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software CVE-2013-1195 Cisco OpenVuln