CVE-2013-3385

Severity Score

7.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669.

La interfaz de gestión en el framwork web de IronPort AsyncOS en dispositivos Cisco Web Security Appliance antes de v7.1.3-013, antes de v7.5.0-838 v7.5, y v7.7 antes de v7.7.0-602; Email Security Appliance dispositivos antes de v7.1.5-106 y v7.3, v7.5 y v7.6 antes de v7.6.3-019; y dispositivos Content Security Management Appliance antes de v7.9.1-102 y v8.0 antes v8.0.0-404 permite a atacantes remotos provocar una denegación de servicio (cuelgue del sistema) a través de una serie de (1) o HTTP (2) solicitudes HTTPS a una interfaz de gestión, también conocido como Bug ID CSCzv58669, CSCzv63329 y CSCzv78669.

*Credits: N/A

CVSS Scores

NISTv2 7.8

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-05-06 CVE Reserved
2013-06-27 CVE Published
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa	2018-10-30
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma	2018-10-30
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa	2018-10-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	<= 7.1.3 Search vendor "Cisco" for product "Ironport Asyncos" and version " <= 7.1.3"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	<= 7.1.3 Search vendor "Cisco" for product "Ironport Asyncos" and version " <= 7.1.3"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	<= 7.1.3 Search vendor "Cisco" for product "Ironport Asyncos" and version " <= 7.1.3"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.2 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.2"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.2 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.2"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.2 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.2"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.3 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.3"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.3 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.3"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.3 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.3"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.5 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.5"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.5 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.5"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.5 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.5"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.6 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.6"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.6 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.6"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.6 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.6"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.7 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.7"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.7 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.7"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.7 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.7"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.8 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.8"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.8 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.8"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.8 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.8"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.9 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.9"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.9 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.9"	-	Affected	in	Cisco Search vendor "Cisco"	Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.9 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.9"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe