Vulnerability Name: | CVE-2013-1195 (CCN-83721) | ||||||||
Assigned: | 2013-04-22 | ||||||||
Published: | 2013-04-22 | ||||||||
Updated: | 2013-04-24 | ||||||||
Summary: | The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range command, which allows remote attackers to bypass intended access restrictions by sending network traffic during denied time periods, aka Bug IDs CSCuf79091 and CSCug45850. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:W/RC:C)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:W/RC:C)
| ||||||||
Vulnerability Type: | CWE-264 | ||||||||
Vulnerability Consequences: | Bypass Security | ||||||||
References: | Source: MITRE Type: CNA CVE-2013-1195 Source: CCN Type: SA53131 Cisco ASA Software time-range Object Security Bypass Security Issue Source: CCN Type: SA53140 Cisco Firewall Services Module time-range Object Security Bypass Security Issue Source: CCN Type: Cisco Security Notice Time-Range Object Access List Bypass Vulnerability Source: CISCO Type: Vendor Advisory 20130422 Time-Range Object Access List Bypass Vulnerability Source: CCN Type: BID-59395 Cisco Adaptive Security Appliance Time-Range Object Security Bypass Vulnerability Source: XF Type: UNKNOWN ciscoasa-cve20131195-sec-bypass(83721) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
BACK |