Vulnerability Name:

CVE-2013-3385 (CCN-85284)

Assigned: 2013-06-26
Published: 2013-06-26
Updated: 2018-10-30
Summary: The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669.
CVSS v3 Severity: 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2013-3385

Source: CCN
Type: SA53957
Cisco Appliances Multiple Vulnerabilities

Source: CCN
Type: SA53974
Cisco IronPort Web Security Appliance Multiple Vulnerabilities

Source: CCN
Type: cisco-sa-20130626-esa
Multiple Vulnerabilities in Cisco Email Security Appliance

Source: CISCO
Type: UNKNOWN
20130626 Multiple Vulnerabilities in Cisco Email Security Appliance

Source: CCN
Type: cisco-sa-20130626-sma
Multiple Vulnerabilities in Cisco Content Security Management Appliance

Source: CISCO
Type: Vendor Advisory
20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance

Source: CCN
Type: cisco-sa-20130626-wsa
Multiple Vulnerabilities in Cisco Web Security Appliance

Source: CISCO
Type: UNKNOWN
20130626 Multiple Vulnerabilities in Cisco Web Security Appliance

Source: CCN
Type: BID-60807
Multiple Cisco Products CVE-2013-3385 Remote Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
cisco-web-cve20133385-dos(85284)

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:cisco:ironport_asyncos:*:*:*:*:*:*:*:* (Version <= 7.1.3)
  • OR cpe:/o:cisco:ironport_asyncos:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ironport_asyncos:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ironport_asyncos:7.5:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ironport_asyncos:7.6:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ironport_asyncos:7.7:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ironport_asyncos:7.8:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ironport_asyncos:7.9:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:content_security_management:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:web_security_appliance:-:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:cisco:web_security_appliance:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    cisco ironport asyncos *
    cisco ironport asyncos 7.2
    cisco ironport asyncos 7.3
    cisco ironport asyncos 7.5
    cisco ironport asyncos 7.6
    cisco ironport asyncos 7.7
    cisco ironport asyncos 7.8
    cisco ironport asyncos 7.9
    cisco content security management -
    cisco web security appliance -
    cisco email security appliance firmware -
    cisco web security appliance *