CVE-2013-1166 - OpenCVE

Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Asr 1002-x Asr 1002 Asr 1006 Asr 1023 Router Asr 1001 Ios Xe Asr 1004 Asr 1002 Fixed Router

Configuration 1 [-]

AND

OR	cpe:2.3:h:cisco:asr_1001:-:::::::*
	cpe:2.3:h:cisco:asr_1002:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002_fixed_router:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1023_router:-:::::::*

OR	cpe:2.3:o:cisco:ios_xe:3.2.0s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.2.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.2.2s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.3.0s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.3.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.3.2s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.4.0as:::::::*
	cpe:2.3:o:cisco:ios_xe:3.4.0s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.4.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.4.2s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.4.3s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.4.4s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.7.0s:::::::*

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2022-10-03T16:14:47

Updated: 2022-10-03T16:14:47

Reserved: 2022-10-03T00:00:00

Link: CVE-2013-1166

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-04-11T10:55:01.910

Modified: 2021-10-05T14:51:27.467

Link: CVE-2013-1166

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:14:47", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20130410 Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2013-1166", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20130410 Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2013-1166", "datePublished": "2022-10-03T16:14:47", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:14:47", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr_1001:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED7C321E-F083-4AB6-96A0-D6358980441E", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_1002:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4376E56-A21C-4642-A85D-439C8E21CD7F", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "444F688F-79D0-4F22-B530-7BD520080B8F", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_1002_fixed_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "0EAE214D-8DD8-4DA3-872A-609E7CE6E606", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_1004:-:*:*:*:*:*:*:*", "matchCriteriaId": "55DD2272-10C2-43B9-9F13-6DC41DBE179B", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_1006:-:*:*:*:*:*:*:*", "matchCriteriaId": "7428E0A8-1641-47FB-9CA9-34311DEF660D", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_1023_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "399C03D1-C4B2-4DE6-9772-EC0BD88D7FCF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:3.2.0s:*:*:*:*:*:*:*", "matchCriteriaId": "621845E0-E885-46E4-929D-55DBE43DC97F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.2.1s:*:*:*:*:*:*:*", "matchCriteriaId": "429F3E17-5C65-4C91-8881-AAEAA00BCD44", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.2.2s:*:*:*:*:*:*:*", "matchCriteriaId": "F47E76FF-DE36-463D-B610-A99C90AF7B91", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.3.0s:*:*:*:*:*:*:*", "matchCriteriaId": "BEF8A6EC-3C45-4CDB-81B5-4D50CD5C4087", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.3.1s:*:*:*:*:*:*:*", "matchCriteriaId": "737D7668-872C-4246-9AB9-12FF059E231A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.3.2s:*:*:*:*:*:*:*", "matchCriteriaId": "D4CBDA4F-DBB3-4426-8C16-2B2314ACF21D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.4.0as:*:*:*:*:*:*:*", "matchCriteriaId": "B45225F2-C9EB-493D-B845-64BFB8DBB89B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.4.0s:*:*:*:*:*:*:*", "matchCriteriaId": "252377A3-7F15-45F2-A169-BBC37858D4DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.4.1s:*:*:*:*:*:*:*", "matchCriteriaId": "02E8F96A-EA9C-4E66-8491-9B2A3A4023F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.4.2s:*:*:*:*:*:*:*", "matchCriteriaId": "85908754-8426-49D3-BCC2-AF174B5D0EF8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.4.3s:*:*:*:*:*:*:*", "matchCriteriaId": "7F5BA973-D59A-4CB9-BC35-089F88737425", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.4.4s:*:*:*:*:*:*:*", "matchCriteriaId": "5E6E83FC-CFAE-45EA-9F20-830FC5E97399", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.7.0s:*:*:*:*:*:*:*", "matchCriteriaId": "E979597C-E614-45E9-9AC4-66DE323221BF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609."}, {"lang": "es", "value": "Cisco IOS XE v3.2 hasta v3.4 antes de v3.4.5S, y v3.5 hasta v3.7 antes de v3.7.1S, en la serie routers 1000 de servicios de agregaciones (ASR), cuando VRF-aware NAT y ALG SIP est\u00e1n habilitadas, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga de la tarjeta), enviando muchos paquetes SIP, tambi\u00e9n conocido como Bug ID CSCuc65609."}], "id": "CVE-2013-1166", "lastModified": "2021-10-05T14:51:27.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-11T10:55:01.910", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}