CVE-2013-3386

Severity Score

7.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.

El componente de IronPort Spam Quarantine (ISQ) en el framework web de IronPort AsyncOS en dispositivos Cisco Email Security Appliance anteriores a v7.1.5-106 y v7.3, v7.5 y v7.6 antes de v7.6.3-019 y dispositivos Content Security Management Appliance antes de v7.9.1 -102 y v8.0 antes de v8.0.0-404 permite a atacantes remotos provocar una denegación de servicio (caída del servicio o cuelgue) a través de una alta tasa de intentos de conexión TCP, identificadores de incidencias también conocido como CSCzv25573 y CSCzv81712.

*Credits: N/A

CVSS Scores

NISTv2 7.8

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-05-06 CVE Reserved
2013-06-27 CVE Published
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa	2018-10-30
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma	2018-10-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	<= 7.1.5 Search vendor "Cisco" for product "Ironport Asyncos" and version " <= 7.1.5"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	<= 7.1.5 Search vendor "Cisco" for product "Ironport Asyncos" and version " <= 7.1.5"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.3 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.3"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.3 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.3"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.5 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.5"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.5 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.5"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.6 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.6"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.6 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.6"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.9 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.9"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	7.9 Search vendor "Cisco" for product "Ironport Asyncos" and version "7.9"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	8.0 Search vendor "Cisco" for product "Ironport Asyncos" and version "8.0"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Search vendor "Cisco" for product "Content Security Management"	-	-	Safe
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	8.0 Search vendor "Cisco" for product "Ironport Asyncos" and version "8.0"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Safe