Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco IPS SensorApp Regex Processing Denial of Service Vulnerability

Cisco-SA-20130429-CVE-2013-1219 · Medium · Published · Updated

Cisco Intrusion Prevention System (IPS) SensorApp contains a vulnerability that could allow a local attacker to cause a denial of service (DoS) condition. The vulnerability is due to a job failure in the Regex hardware when processing the control transaction getENGVirtualSensorStatistics.

A local attacker could exploit the vulnerability by performing an action that uses the getENGVirtualSensorStatistics control transaction. When the malicious action is processed by the affected device, the SensorApp process may hang or become unresponsive to legitimate commands or control transactions, leading to a DoS condition.

Cisco has confirmed the vulnerability in a security notice and has released software updates. This vulnerability is applicable only to platforms that implement Regex hardware.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available. To exploit this vulnerability, an attacker requires authenticated access to a targeted device and may require access to trusted, internal networks. These access requirements could limit the likelihood of a successful exploit.


Workarounds

Administrators may consider rebooting an affected device and disabling string-tcp or string-tcp-xl engines or disabling signatures associated with these engines.

Administrators are advised to migrate to signature pack S688 or higher if using any signature pack from S673 through S687.

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to access local systems.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to allow only privileged users to access administration or management systems.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEs: CVE-2013-1219
Cisco Bug IDs: CSCuc74630
CVSS Score: Base 4.4 (AV:L/AC:M/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C)
Product Names From Source: Cisco Intrusion Prevention System (IPS), Intrusion Prevention System (IPS)

Related Products

Product | CVE | Evidence
Intrusion Prevention System (IPS) | CVE-2013-1219 | Cisco OpenVuln
Cisco Intrusion Prevention System (IPS) | CVE-2013-1219 | Cisco OpenVuln