Vulnerability Description
The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Intrusion Prevention System | All versions |
Related Weaknesses (CWE)
References
- http://osvdb.org/97525
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5497Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=30913Vendor Advisory
- http://www.securityfocus.com/bid/62517Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1029057Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87280
- http://osvdb.org/97525
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5497Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=30913Vendor Advisory
- http://www.securityfocus.com/bid/62517Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1029057Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87280
FAQ
What is CVE-2013-5497?
CVE-2013-5497 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (int...
How severe is CVE-2013-5497?
CVE-2013-5497 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5497?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Intrusion Prevention System.