CVE-2013-1155

The auth-proxy functionality in Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(20.1), 4.0 before 4.0(15.2), and 4.1 before 4.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCtg02624.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:firewall_services_module_software:3.1:::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2:::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(1\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(2\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(3\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(4\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(5\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(6\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(7\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(8\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(9\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(10\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(11\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(12\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(13\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(14\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(15\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(16\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(17\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(18\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(19\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:3.2\(20\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0:::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0\(1\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0\(2\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0\(3\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0\(4\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0\(5\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0\(6\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0\(7\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0\(8\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0\(10\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0\(11\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0\(12\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0\(13\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0\(14\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.0\(15\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.1:::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.1\(1\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.1\(2\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.1\(3\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.1\(4\):::::::*
	cpe:2.3:a:cisco:firewall_services_module_software:4.1\(5\):::::::*

History

21 Nov 2024, 01:49

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm - Vendor Advisory

Information

Published : 2013-04-11 10:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-1155

Mitre link : CVE-2013-1155

CVE.ORG link : CVE-2013-1155

JSON object : View

Products Affected

cisco

firewall_services_module_software

CWE

CWE-287

Improper Authentication

{"id": "CVE-2013-1155", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-04-11T10:55:01.857", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The auth-proxy functionality in Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(20.1), 4.0 before 4.0(15.2), and 4.1 before 4.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCtg02624."}, {"lang": "es", "value": "La funcionalidad de autenticaci\u00f3n de proxy en Cisco Firewall Services Module (FWSM) software v3.1 y v3.2 antes de v3.2(20.1), v4.0 antes de v4.0(15.2), y v4.1 antes de v4.1(5.1) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga del dispositivo) a trav\u00e9s de una URL hecha a mano, tambi\u00e9n conocido como Bug ID CSCtg02624."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1D05BC0-BC8F-4598-B472-77FF7EE0AA09"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF62AD07-006D-4AD6-A8E9-68EB3D930700"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F425EA4-40A6-4FD7-B2C4-150A4517AD55"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7304563-4DC9-4A0E-9AB5-DC852F58FAA9"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "774D4F68-8331-4160-8DEB-6606D1739BCA"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21E72AE6-BB0C-44E8-AA28-CE19C5551725"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(5\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A71325A3-E02C-47EC-A9F3-86998B4C54CF"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(6\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BE5DE70-5D5A-4221-8E17-CABBDD990283"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(7\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7FB9669-5D07-48CC-AB64-C82E058A2AA9"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(8\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8BF33E0-6C8C-4921-A5E3-0AFD92130180"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(9\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00F3EBCC-F77B-49FE-9894-BD03936935CA"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(10\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2017BA46-5824-4B39-B547-CBD80B245A52"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(11\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D43ED9B-2910-4391-9370-ED622648DB68"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(12\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD4127BD-DC08-4352-810B-752C849AA49C"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(13\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1D53FAA-401B-4530-BB75-A0D2F0CBD9F5"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(14\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2009145-F6C0-4275-A56E-E31006709A6F"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(15\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "481B5609-CA88-4E8A-AC84-17CCA2D81D34"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(16\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F11F12F-96AC-4A1D-B995-B0E020F2574C"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(17\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C32B7601-AA90-421B-80F4-CC11CE390563"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(18\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "789FE084-1D9B-4779-AF61-0FDE97D2DC0D"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(19\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E93E5289-2866-4251-859C-A33B877E8EE3"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:3.2\\(20\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "965D54CB-A558-4140-83D6-3BAD9A38FE2D"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA0A0377-13AC-4834-A266-AFCAC9FE2938"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "404B0B52-90EA-4E5D-B43C-1FE8144EAFDE"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2C62050-0BD8-45B5-B7E6-CEF4426EEF43"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D30BED1-091A-46FB-A274-1778F1025849"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E37188FD-7BAE-447A-83A4-C644AE2B4B3E"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0\\(5\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF89057D-7C5F-428D-A15D-F386F61590D5"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0\\(6\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE2C1AB7-7A5D-4B8B-96B3-2DDE2A3322E4"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0\\(7\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DEFB820-3031-4B4B-AE02-FCF2527B3BF1"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0\\(8\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB820815-EF7F-44F8-9330-CD879197D0A0"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0\\(10\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E61AFCA-5E0A-4BAF-873A-B8D2D7C5BA4E"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0\\(11\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AE71162-46E5-455D-BA7D-C4E2DFE8F199"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0\\(12\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84DC9BC4-0803-4572-ACB9-136353618996"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0\\(13\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7B2E3F1-7E16-414D-B14C-98CBBAA35D7E"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0\\(14\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "279A740A-F87F-43F3-851F-BCFC09E37A1E"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.0\\(15\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14E40E7E-892D-4975-86BD-31D28A635D30"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F37864F5-F1CF-4BA9-A169-FE8EF4BC98B5"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.1\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FCC030F-526B-4900-AD5A-9E1591FF767C"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.1\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99B72A5F-9251-476C-9071-19C06490A363"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.1\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E1B7437-8A7A-484E-983B-32E878BF091F"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.1\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81DFE660-9C82-43BE-84B6-C584EF6D85A7"}, {"criteria": "cpe:2.3:a:cisco:firewall_services_module_software:4.1\\(5\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9F9EA36-2A8C-4C15-B0A9-E0E410610F25"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}

7.8 /10