VAR-201304-0172

Vulnerability from variot - Updated: 2025-04-11 23:01

The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105. ( Device reload ) There are vulnerabilities that are put into a state. Cisco IOS is an operation and maintenance system developed by Cisco Systems for its network devices. A common vulnerability exists in the general purpose input/output control mechanism of Cisco IOS devices, allowing authenticated remote attackers to exploit vulnerabilities to overload the Supervisor Engine or device. The vulnerability is due to incorrect buffer handling, which could be triggered by an attacker submitting multiple simultaneous SNMP requests to the affected system. Cisco IOS is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a reload of the Supervisor Engine or the device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCub41105

Show details on source website

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201304-0172",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.0 sqa",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-04106"
      },
      {
        "db": "BID",
        "id": "59357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-478"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1217"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:cisco:ios",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002462"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "59357"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-1217",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2013-1217",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-04106",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-61219",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-1217",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-1217",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-04106",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201304-478",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-61219",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-04106"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-478"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1217"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105. ( Device reload ) There are vulnerabilities that are put into a state. Cisco IOS is an operation and maintenance system developed by Cisco Systems for its network devices. A common vulnerability exists in the general purpose input/output control mechanism of Cisco IOS devices, allowing authenticated remote attackers to exploit vulnerabilities to overload the Supervisor Engine or device. The vulnerability is due to incorrect buffer handling, which could be triggered by an attacker submitting multiple simultaneous SNMP requests to the affected system. Cisco IOS is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause a reload of the Supervisor Engine or the device, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCub41105",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-1217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002462"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-04106"
      },
      {
        "db": "BID",
        "id": "59357"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61219"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-1217",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "59357",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002462",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-478",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-04106",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "53172",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20130419 GENERIC INPUT/OUTPUT SNMP VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-61219",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-04106"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61219"
      },
      {
        "db": "BID",
        "id": "59357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-478"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1217"
      }
    ]
  },
  "id": "VAR-201304-0172",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-04106"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61219"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-04106"
      }
    ]
  },
  "last_update_date": "2025-04-11T23:01:51.048000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Generic Input/Output SNMP Vulnerability",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1217"
      },
      {
        "title": "29048",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=29048"
      },
      {
        "title": "Patch for Cisco IOS Universal Input/Output SNMP Query Remote Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/33593"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-04106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002462"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002462"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1217"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1217"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1217"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1217"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/53172"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=29048"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-04106"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61219"
      },
      {
        "db": "BID",
        "id": "59357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-478"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1217"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-04106"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61219"
      },
      {
        "db": "BID",
        "id": "59357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-478"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1217"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-04-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-04106"
      },
      {
        "date": "2013-04-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61219"
      },
      {
        "date": "2013-04-19T00:00:00",
        "db": "BID",
        "id": "59357"
      },
      {
        "date": "2013-04-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002462"
      },
      {
        "date": "2013-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201304-478"
      },
      {
        "date": "2013-04-24T10:28:37.933000",
        "db": "NVD",
        "id": "CVE-2013-1217"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-04-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-04106"
      },
      {
        "date": "2013-04-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61219"
      },
      {
        "date": "2013-04-19T00:00:00",
        "db": "BID",
        "id": "59357"
      },
      {
        "date": "2013-04-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002462"
      },
      {
        "date": "2013-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201304-478"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2013-1217"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-478"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS of  Generic Input/Output Service disruption in control implementation  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002462"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-478"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…