Lucene search

CiscoCISCO-SA-20130422-CVE-2013-1195

HistoryApr 22, 2013 - 7:37 p.m.

Cisco Adaptive Security Appliance Software and Firewall Services Module Software Time-Range Object Access List Bypass Vulnerability

2013-04-2219:37:07

tools.cisco.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.3%

JSON

A vulnerability in the implementation of the time-range object could allow an unauthenticated, remote attacker to bypass access lists that are using the time-range option.

The vulnerability is due to improper implementation of the code for the time-range object, when the periodic command is used. Due to this issue, the time-range object may have no effect. Therefore, depending on the access-list statement (permit or deny), an attacker could bypass the access list. An attacker could exploit this vulnerability by sending traffic through the affected system.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

Customers are advised to review the bug reports in the vendor announcements section for a current list of affected versions.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Vulners

Node

ciscopix_firewallMatchany

ciscoadaptive_security_virtual_applianceMatch8.4

ciscopix_firewallMatchany

ciscoadaptive_security_virtual_applianceMatch8.4.1

ciscoadaptive_security_virtual_applianceMatch8.4.2

ciscoadaptive_security_virtual_applianceMatch8.4.1.3

ciscoadaptive_security_virtual_applianceMatch8.4.1.11

ciscoadaptive_security_virtual_applianceMatch8.4.2.8

ciscoadaptive_security_virtual_applianceMatch8.4.3

ciscoadaptive_security_virtual_applianceMatch8.4.3.8

ciscoadaptive_security_virtual_applianceMatch8.4.3.9

ciscoadaptive_security_virtual_applianceMatch8.4.4

ciscoadaptive_security_virtual_applianceMatch8.4.4.1

ciscoadaptive_security_virtual_applianceMatch8.4.4.3

ciscoadaptive_security_virtual_applianceMatch8.4.4.5

ciscoadaptive_security_virtual_applianceMatch8.4.4.9

ciscoadaptive_security_virtual_applianceMatch8.4.5

ciscoadaptive_security_virtual_applianceMatch8.4.5.6

ciscoadaptive_security_virtual_applianceMatch8.4.6

CPENameOperatorVersion
cisco firewall services module (fwsm)eqany
cisco adaptive security appliance (asa) softwareeq8.4
cisco firewall services module (fwsm)eqany
cisco adaptive security appliance (asa) softwareeq8.4.1
cisco adaptive security appliance (asa) softwareeq8.4.2
cisco adaptive security appliance (asa) softwareeq8.4.1.3
cisco adaptive security appliance (asa) softwareeq8.4.1.11
cisco adaptive security appliance (asa) softwareeq8.4.2.8
cisco adaptive security appliance (asa) softwareeq8.4.3
cisco adaptive security appliance (asa) softwareeq8.4.3.8

Name	Operator	Version
cisco firewall services module (fwsm)	eq	any
cisco adaptive security appliance (asa) software	eq	8.4
cisco firewall services module (fwsm)	eq	any
cisco adaptive security appliance (asa) software	eq	8.4.1
cisco adaptive security appliance (asa) software	eq	8.4.2
cisco adaptive security appliance (asa) software	eq	8.4.1.3
cisco adaptive security appliance (asa) software	eq	8.4.1.11
cisco adaptive security appliance (asa) software	eq	8.4.2.8
cisco adaptive security appliance (asa) software	eq	8.4.3
cisco adaptive security appliance (asa) software	eq	8.4.3.8

Rows per page:

1-10 of 191

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20130422-CVE-2013-1195

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.3%

JSON

Related for CISCO-SA-20130422-CVE-2013-1195