CVE-2013-5488 - OpenCVE

Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Prime Lan Management Solution Security Manager Unified Operations Manager Unified Service Monitor

Configuration 1 [-]

OR	cpe:2.3:a:cisco:prime_lan_management_solution:-:::::::*
	cpe:2.3:a:cisco:security_manager::::::::
	cpe:2.3:a:cisco:unified_operations_manager:-:::::::*
	cpe:2.3:a:cisco:unified_service_monitor:-:::::::*

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=30749
http://www.securityfocus.com/bid/62333
https://exchange.xforce.ibmcloud.com/vulnerabilities/87026

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2013-09-12T01:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2013-08-22T00:00:00

Link: CVE-2013-5488

JSON object: View

NVD Information

Status : Modified

Published: 2013-09-12T13:28:32.207

Modified: 2017-08-29T01:33:48.873

Link: CVE-2013-5488

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-09-11T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"}, {"name": "cisco-cve20135488-dos(87026)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"}, {"name": "20130911 Common Services ActiveMQ Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"}, {"name": "62333", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/62333"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2013-5488", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"}, {"name": "cisco-cve20135488-dos(87026)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"}, {"name": "20130911 Common Services ActiveMQ Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"}, {"name": "62333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/62333"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2013-5488", "datePublished": "2013-09-12T01:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E09BFF1-6273-4BC4-9DFA-563F490E2754", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AC03BFB-10FA-4276-930F-DB450E89DCD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3F10FFA-58FA-45BC-BD2A-7C01D8D02315", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_service_monitor:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB2F9E15-8B14-4CBB-B997-0DB94E9A5624", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."}, {"lang": "es", "value": "Cisco Common Services, utilizado en Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, y Cisco Unified Operations Manager, no interactua apropiadamente con el componente ActiveMQ, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento de memoria) a trav\u00e9s de sesiones TCP simult\u00e1neas, tambien conocidas como Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, y CSCuh95969."}], "id": "CVE-2013-5488", "lastModified": "2017-08-29T01:33:48.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-09-12T13:28:32.207", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"}, {"source": "ykramarz@cisco.com", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/62333"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}