Vulnerability Name:

CVE-2013-5537

Assigned:2013-08-22
Published:2013-10-24
Updated:2013-10-24
Summary:The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635.
CVSS v3 Severity:7.5 High (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-20
References:Source: CISCO
Type: VENDOR_ADVISORY
20131022 Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
cisco-cve20135537-dos(88242)

Vulnerable Configuration:
Configuration 1:
  • cpe:/h:cisco:web_security_appliance:-:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/h:cisco:email_security_appliance:-:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    cisco web_security_appliance -
    cisco content_security_management_appliance -
    cisco email_security_appliance -