Skip to main content

Intrusion Prevention System CVE-2013-3410

HIGH
Buffer Overflow (CWE-119)
2013-07-18 psirt@cisco.com
7.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
C

Lifecycle Timeline

1
CVE Published
Jul 18, 2013 - 12:48 cve.org
HIGH 7.8

DescriptionCVE.org

Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger incorrect memory allocation, aka Bug ID CSCua61977.

AnalysisAI

Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger incorrect memory allocation, aka Bug ID CSCua61977. Affected products include: Cisco Intrusion Prevention System, Cisco Ips Nme. Version information: before 7.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2013-3411 HIGH
7.8 Jul 18

The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 mod

CVE-2013-1243 HIGH
7.8 Jul 18

The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules bef

CVE-2013-1218 HIGH
7.8 Jul 18

Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software modules before 7.1(7)sp1E4 allows remote

CVE-2015-0654 HIGH
7.1 Mar 13

Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IP

CVE-2014-3406 HIGH
7.1 Oct 19

Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows

CVE-2014-2103 MEDIUM
6.8 Feb 27

Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process o

CVE-2014-3402 MEDIUM
5.0 Oct 10

The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier

CVE-2012-3901 MEDIUM
5.0 Sep 16

The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a den

CVE-2012-3899 MEDIUM
5.0 Sep 16

sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote atta

CVE-2013-5497 MEDIUM
4.3 Sep 19

The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly han

CVE-2013-1219 MEDIUM
4.4 Apr 29

SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job

Share

CVE-2013-3410 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy