Vulnerability Name: CVE-2013-5537 (CCN-88242)

Assigned: 2013-10-23
Published: 2013-10-23
Updated: 2018-10-30
Summary: The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2013-5537

Source: CCN
Type: SA55440
Cisco Multiple Products Management GUI Denial of Service Vulnerability

Source: CCN
Type: Cisco Security Notice
Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability

Source: CISCO
Type: Vendor Advisory
20131022 Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability

Source: CCN
Type: OSVDB ID: 98883
Cisco Multiple Appliance HTTP(S) Traffic Handling Remote DoS

Source: CCN
Type: BID-63280
Multiple Cisco Appliances CVE-2013-5537 Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
cisco-cve20135537-dos(88242)

Vulnerable Configuration:
Configuration 1:
  • cpe:/h:cisco:web_security_appliance:-:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:cisco:web_security_appliance_(wsa):5.6.0-623:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:email_security_appliance:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:content_security_management_appliance_sma_m190:-:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    cisco web security appliance -
    cisco content security management appliance -
    cisco email security appliance firmware -
    cisco web security appliance (wsa) 5.6.0-623
    cisco email security appliance -
    cisco content security management appliance sma m190 -