Vulnerability Name:

CVE-2013-1195 (CCN-83721)

Assigned: 2013-04-22
Published: 2013-04-22
Updated: 2013-04-24
Summary: The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range command, which allows remote attackers to bypass intended access restrictions by sending network traffic during denied time periods, aka Bug IDs CSCuf79091 and CSCug45850.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:W/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:W/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security
References: Source: MITRE
Type: CNA
CVE-2013-1195

Source: CCN
Type: SA53131
Cisco ASA Software time-range Object Security Bypass Security Issue

Source: CCN
Type: SA53140
Cisco Firewall Services Module time-range Object Security Bypass Security Issue

Source: CCN
Type: Cisco Security Notice
Time-Range Object Access List Bypass Vulnerability

Source: CISCO
Type: Vendor Advisory
20130422 Time-Range Object Access List Bypass Vulnerability

Source: CCN
Type: BID-59395
Cisco Adaptive Security Appliance Time-Range Object Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
ciscoasa-cve20131195-sec-bypass(83721)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:cisco:adaptive_security_appliance_software:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firewall_services_module:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:cisco:adaptive_security_appliance_software:8.2(5):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firewall_services_module_software:4.1(5):*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    cisco adaptive security appliance software -
    cisco firewall services module *
    cisco adaptive security appliance software 8.2(5)
    cisco firewall services module software 4.1(5)