Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability (cisco-sa-20130925-cce)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

A vulnerability in the Zone-Based Firewall (ZBFW) component of Cisco
IOS Software could allow an unauthenticated, remote attacker to cause
an affected device to hang or reload. The vulnerability is due to
improper processing of specific HTTP packets when the device is
configured for either Cisco IOS Content Filtering or HTTP application
layer gateway (ALG) inspection. An attacker could exploit this
vulnerability by sending specific HTTP packets through an affected
device. An exploit could allow the attacker to cause an affected
device to hang or reload. Cisco has released free software updates
that address this vulnerability. Workarounds that mitigate this
vulnerability are not available.

See also :

http://www.nessus.org/u?b969cfcb

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20130925-cce.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 70314 ()

Bugtraq ID: 62642

CVE ID: CVE-2013-5476