CVE-2013-5488 - OpenCVE

Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Prime Lan Management Solution Security Manager Unified Operations Manager Unified Service Monitor

Configuration 1 [-]

OR	cpe:2.3:a:cisco:prime_lan_management_solution:-:::::::*
	cpe:2.3:a:cisco:security_manager::::::::
	cpe:2.3:a:cisco:unified_operations_manager:-:::::::*
	cpe:2.3:a:cisco:unified_service_monitor:-:::::::*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488
http://tools.cisco.com/security/center/viewAlert.x?alertId=30749
http://www.securityfocus.com/bid/62333
https://exchange.xforce.ibmcloud.com/vulnerabilities/87026

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2013-09-12T01:00:00

Updated: 2024-08-06T17:15:20.253Z

Reserved: 2013-08-22T00:00:00

Link: CVE-2013-5488

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-09-12T13:28:32.207

Modified: 2017-08-29T01:33:48.873

Link: CVE-2013-5488

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-09-11T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"}, {"name": "cisco-cve20135488-dos(87026)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"}, {"name": "20130911 Common Services ActiveMQ Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"}, {"name": "62333", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/62333"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2013-5488", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"}, {"name": "cisco-cve20135488-dos(87026)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"}, {"name": "20130911 Common Services ActiveMQ Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"}, {"name": "62333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/62333"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:15:20.253Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"}, {"name": "cisco-cve20135488-dos(87026)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"}, {"name": "20130911 Common Services ActiveMQ Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"}, {"name": "62333", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/62333"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2013-5488", "datePublished": "2013-09-12T01:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:15:20.253Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E09BFF1-6273-4BC4-9DFA-563F490E2754", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AC03BFB-10FA-4276-930F-DB450E89DCD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3F10FFA-58FA-45BC-BD2A-7C01D8D02315", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_service_monitor:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB2F9E15-8B14-4CBB-B997-0DB94E9A5624", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."}, {"lang": "es", "value": "Cisco Common Services, utilizado en Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, y Cisco Unified Operations Manager, no interactua apropiadamente con el componente ActiveMQ, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento de memoria) a trav\u00e9s de sesiones TCP simult\u00e1neas, tambien conocidas como Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, y CSCuh95969."}], "id": "CVE-2013-5488", "lastModified": "2017-08-29T01:33:48.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-09-12T13:28:32.207", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"}, {"source": "ykramarz@cisco.com", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/62333"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}