Vulnerability Description
Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | <= 12.4\(24\)mdb14 |
| Cisco | Content Services Gateway | - |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5552Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=31715Vendor Advisory
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5552Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=31715Vendor Advisory
FAQ
What is CVE-2013-5552?
CVE-2013-5552 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restric...
How severe is CVE-2013-5552?
CVE-2013-5552 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5552?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco Content Services Gateway.