CVE-2013-3436
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698.
La configuración por defecto en la característica Group Encrypted Transport VPN (GET VPN) en Cisco IOS usa un mecanismo incorrecto para habilitar el flujo de tráfico Group Domain of Interpretation (GDOI), lo que permite a atacantes remotos eludir la política de cifrado mediante ciertos usos de UDP port 848, también conocido como Bug ID CSCui07698.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-05-06 CVE Reserved
- 2013-07-18 CVE Published
- 2023-05-31 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/95460 | Vdb Entry | |
| http://www.securityfocus.com/bid/61362 | Vdb Entry | |
| http://www.securitytracker.com/id/1028810 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/85868 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3436 | 2017-11-29 | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=30140 | 2017-11-29 |