Cisco IPS Authentication Manager Denial of Service Vulnerability (CSCuf20148)

medium Nessus Plugin ID 72510

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

A vulnerability in the web framework of Cisco IPS Software could allow an unauthenticated, remote attacker to cause MainApp to hang intermittently due to the authentication manager process, creating a denial of service (DoS) condition.

The vulnerability is due to improper handling of user tokens. An attacker could exploit this vulnerability by sending a crafted connection request to the Cisco IPS management interface.

Solution

Apply the relevant patch referenced in Cisco Bug ID CSCuf20148.

See Also

http://www.nessus.org/u?337a78e5

Plugin Details

Severity: Medium

ID: 72510

File Name: cisco-sn-CSCuf20148-ips.nasl

Version: 1.3

Type: local

Family: CISCO

Published: 2/14/2014

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/h:cisco:intrusion_prevention_system

Required KB Items: Host/Cisco/IPS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/19/2013

Vulnerability Publication Date: 9/19/2013

Reference Information

CVE: CVE-2013-5497

BID: 62517

CISCO-BUG-ID: CSCuf20148