Vulnerabilities > CVE-2013-3385 - Resource Management Errors vulnerability in Cisco Ironport Asyncos

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

cisco

CWE-399

nessus

NVD

Published: 2013-06-27

Updated: 2018-10-30

Summary

The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Ironport Asyncos * Cisco Ironport Asyncos 7.2 Cisco Ironport Asyncos 7.3 Cisco Ironport Asyncos 7.5 Cisco Ironport Asyncos 7.6 Cisco Ironport Asyncos 7.7 Cisco Ironport Asyncos 7.8 Cisco Ironport Asyncos 7.9 Cisco Email Security Appliance Firmware -	9
Hardware	Cisco Cisco Content Security Management - Cisco WEB Security Appliance -	2

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20130626-SMA.NASL
description	According to its self-reported version, the version of Cisco Content Security Management Appliance running on the remote host has the following vulnerabilities : - An unspecified vulnerability exists in the web framework that could allow a remote, authenticated attacker to execute arbitrary commands. (CVE-2013-3384) - A denial of service vulnerability exists in the web framework that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3385) - A denial of service vulnerability exists in the management GUI that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3386)
last seen	2020-06-01
modified	2020-06-02
plugin id	69079
published	2013-07-26
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/69079
title	Multiple Vulnerabilities in Cisco Content Security Management Appliance (cisco-sa-20130626-sma)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69079); script_version("1.5"); script_cvs_date("Date: 2018/11/15 20:50:20"); script_cve_id("CVE-2013-3384", "CVE-2013-3385", "CVE-2013-3386"); script_bugtraq_id(60805, 60806, 60807); script_xref(name:"CISCO-BUG-ID", value:"CSCzv24579"); script_xref(name:"CISCO-BUG-ID", value:"CSCzv78669"); script_xref(name:"CISCO-BUG-ID", value:"CSCzv81712"); script_xref(name:"CISCO-SA", value:"cisco-sa-20130626-sma"); script_name(english:"Multiple Vulnerabilities in Cisco Content Security Management Appliance (cisco-sa-20130626-sma)"); script_summary(english:"Checks SMA version"); script_set_attribute(attribute:"synopsis", value:"The remote security appliance is missing a vendor-supplied patch."); script_set_attribute( attribute:"description", value: "According to its self-reported version, the version of Cisco Content Security Management Appliance running on the remote host has the following vulnerabilities : - An unspecified vulnerability exists in the web framework that could allow a remote, authenticated attacker to execute arbitrary commands. (CVE-2013-3384) - A denial of service vulnerability exists in the web framework that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3385) - A denial of service vulnerability exists in the management GUI that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3386)" ); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?721fa320"); script_set_attribute( attribute:"solution", value: "Apply the relevant update referenced in Cisco Security Advisory cisco-sa-20130626-sma." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/26"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/26"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:content_security_management_appliance"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("cisco_sma_version.nasl"); script_require_keys("Host/AsyncOS/Cisco Content Security Management Appliance/DisplayVersion", "Host/AsyncOS/Cisco Content Security Management Appliance/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); display_ver = get_kb_item_or_exit('Host/AsyncOS/Cisco Content Security Management Appliance/DisplayVersion'); ver = get_kb_item_or_exit('Host/AsyncOS/Cisco Content Security Management Appliance/Version'); if (ver =~ "^[0-6]\." \|\| ver =~ "^7\.[012]\.") # 7.2 and earlier display_fix = '7.9.1-102'; else if (ver =~ "^7\.7\.") display_fix = '7.9.1-102'; else if (ver =~ "^7\.8\.") display_fix = '7.9.1-102'; else if (ver =~ "^7\.9\.") display_fix = '7.9.1-102'; else if (ver =~ "^8\.0\.") display_fix = '8.0.0-404'; else audit(AUDIT_INST_VER_NOT_VULN, 'Cisco SMA', display_ver); fix = str_replace(string:display_fix, find:'-', replace:'.'); if (ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0) audit(AUDIT_INST_VER_NOT_VULN, 'Cisco SMA', display_ver); if (report_verbosity > 0) { report = '\n Installed version : ' + display_ver + '\n Fixed version : ' + display_fix + '\n'; security_hole(port:0, extra:report); } else security_hole(0);

NASL family	CISCO
NASL id	CISCO-SA-20130626-ESA.NASL
description	According to its self-reported version, the Cisco AsyncOS running on the remote Cisco Email Security (ESA) appliance is affected by multiple vulnerabilities : - An unspecified vulnerability exists in the web framework that could allow a remote, authenticated attacker to execute arbitrary commands. (CVE-2013-3384) - A denial of service vulnerability exists in the web framework that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3385) - A denial of service vulnerability exists in the management GUI that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3386)
last seen	2020-06-01
modified	2020-06-02
plugin id	69076
published	2013-07-26
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/69076
title	Multiple Vulnerabilities in Cisco Email Security Appliance (cisco-sa-20130626-esa)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69076); script_version("1.7"); script_cvs_date("Date: 2018/11/15 20:50:20"); script_cve_id("CVE-2013-3384", "CVE-2013-3385", "CVE-2013-3386"); script_bugtraq_id(60805, 60806, 60807); script_xref(name:"CISCO-BUG-ID", value:"CSCzv25573"); script_xref(name:"CISCO-BUG-ID", value:"CSCzv44633"); script_xref(name:"CISCO-BUG-ID", value:"CSCzv63329"); script_xref(name:"CISCO-SA", value:"cisco-sa-20130626-esa"); script_name(english:"Multiple Vulnerabilities in Cisco Email Security Appliance (cisco-sa-20130626-esa)"); script_summary(english:"Checks ESA version"); script_set_attribute(attribute:"synopsis", value: "The remote security appliance is missing a vendor-supplied security patch."); script_set_attribute( attribute:"description", value: "According to its self-reported version, the Cisco AsyncOS running on the remote Cisco Email Security (ESA) appliance is affected by multiple vulnerabilities : - An unspecified vulnerability exists in the web framework that could allow a remote, authenticated attacker to execute arbitrary commands. (CVE-2013-3384) - A denial of service vulnerability exists in the web framework that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3385) - A denial of service vulnerability exists in the management GUI that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3386)" ); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e9e55d4e"); script_set_attribute( attribute:"solution", value: "Apply the relevant update referenced in Cisco Security Advisory cisco-sa-20130626-esa." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/26"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/26"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:email_security_appliance"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:email_security_appliance_firmware"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("cisco_esa_version.nasl"); script_require_keys("Host/AsyncOS/Cisco Email Security Appliance/DisplayVersion", "Host/AsyncOS/Cisco Email Security Appliance/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); display_ver = get_kb_item_or_exit('Host/AsyncOS/Cisco Email Security Appliance/DisplayVersion'); ver = get_kb_item_or_exit('Host/AsyncOS/Cisco Email Security Appliance/Version'); if (ver =~ "^[0-6]\." \|\| ver =~ "^7\.[01]\.") # 7.1 and prior display_fix = '7.1.5-106'; else if (ver =~ "^7\.3\.") display_fix = '8.0.0-671'; else if (ver =~ "^7\.5\.") display_fix = '7.6.3-019'; else if (ver =~ "^7\.6\.") display_fix = '7.6.3-019'; else audit(AUDIT_INST_VER_NOT_VULN, 'Cisco ESA', display_ver); fix = str_replace(string:display_fix, find:'-', replace:'.'); if (ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0) audit(AUDIT_INST_VER_NOT_VULN, 'Cisco ESA', display_ver); if (report_verbosity > 0) { report = '\n Installed version : ' + display_ver + '\n Fixed version : ' + display_fix + '\n'; security_hole(port:0, extra:report); } else security_hole(0);

NASL family	CISCO
NASL id	CISCO-SA-20130626-WSA.NASL
description	According to its self-reported version, the version of Cisco Web Security Appliance running on the remote host has the following vulnerabilities : - Multiple unspecified vulnerabilities exist in the web framework that could allow a remote, authenticated attacker to execute arbitrary commands. (CVE-2013-3383, CVE-2013-3384) - A denial of service vulnerability exists in the web framework that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3385)
last seen	2020-06-01
modified	2020-06-02
plugin id	69082
published	2013-07-26
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/69082
title	Multiple Vulnerabilities in Cisco Web Security Appliance (cisco-sa-20130626-wsa)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69082); script_version("1.6"); script_cvs_date("Date: 2018/11/15 20:50:20"); script_cve_id("CVE-2013-3383", "CVE-2013-3384", "CVE-2013-3385"); script_bugtraq_id(60804, 60805, 60807); script_xref(name:"CISCO-BUG-ID", value:"CSCzv58669"); script_xref(name:"CISCO-BUG-ID", value:"CSCzv69294"); script_xref(name:"CISCO-BUG-ID", value:"CSCzv85726"); script_xref(name:"CISCO-SA", value:"cisco-sa-20130626-wsa"); script_name(english:"Multiple Vulnerabilities in Cisco Web Security Appliance (cisco-sa-20130626-wsa)"); script_summary(english:"Checks WSA version"); script_set_attribute(attribute:"synopsis", value:"The remote security appliance is missing a vendor-supplied patch."); script_set_attribute( attribute:"description", value: "According to its self-reported version, the version of Cisco Web Security Appliance running on the remote host has the following vulnerabilities : - Multiple unspecified vulnerabilities exist in the web framework that could allow a remote, authenticated attacker to execute arbitrary commands. (CVE-2013-3383, CVE-2013-3384) - A denial of service vulnerability exists in the web framework that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3385)" ); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4ce4facb"); script_set_attribute( attribute:"solution", value: "Apply the relevant update referenced in Cisco Security Advisory cisco-sa-20130626-wsa." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/26"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/26"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:web_security_appliance"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("cisco_wsa_version.nasl"); script_require_keys("Host/AsyncOS/Cisco Web Security Appliance/DisplayVersion", "Host/AsyncOS/Cisco Web Security Appliance/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); display_ver = get_kb_item_or_exit('Host/AsyncOS/Cisco Web Security Appliance/DisplayVersion'); ver = get_kb_item_or_exit('Host/AsyncOS/Cisco Web Security Appliance/Version'); if (ver =~ "^[0-6]\." \|\| ver =~ "^7\.[01]\.") # 7.1 and prior display_fix = '7.1.3-033'; else if (ver =~ "^7\.5\.") display_fix = '7.5.0-838'; else if (ver =~ "^7\.7\.") display_fix = '7.7.0-602'; else audit(AUDIT_INST_VER_NOT_VULN, 'Cisco WSA', display_ver); fix = str_replace(string:display_fix, find:'-', replace:'.'); if (ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0) audit(AUDIT_INST_VER_NOT_VULN, 'Cisco WSA', display_ver); if (report_verbosity > 0) { report = '\n Installed version : ' + display_ver + '\n Fixed version : ' + display_fix + '\n'; security_hole(port:0, extra:report); } else security_hole(0);

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References