Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco IPS Authentication Manager Denial of Service Vulnerability

Cisco-SA-20130919-CVE-2013-5497 · Medium · Published · Updated

A vulnerability in the web framework of Cisco IPS Software could allow an unauthenticated, remote attacker to cause MainApp to hang intermittently due to the authentication manager process creating a denial of service (DoS) condition. The vulnerability is due to improper handling of user tokens. An attacker could exploit this vulnerability by sending a crafted connection request to the Cisco IPS management interface. Cisco has confirmed the vulnerability in a security notice and released software updates. To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks, in which the targeted device may reside, to send a crafted connection request. This access requirement limits the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEsCVE-2013-5497
Cisco Bug IDsCSCuf20148
CVSS ScoreBase 4.3
Base 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C
Product Names From Source
Cisco Intrusion Prevention System (IPS), Intrusion Prevention System (IPS)

Related Products

Product CVE Evidence
Intrusion Prevention System (IPS) CVE-2013-5497 Cisco OpenVuln
Cisco Intrusion Prevention System (IPS) CVE-2013-5497 Cisco OpenVuln