Cisco Firewall Services Module Software Multiple Vulnerabilities (cisco-sa-20131009-fwsm)

Medium Nessus Plugin ID 70493

Synopsis

The remote device is missing a vendor-supplied security update.

Description

The remote Cisco Firewall Services Module (FWSM) device is affected by one or both of the following vulnerabilities.

- A flaw exists in FWSM that could allow an authenticated, unprivileged, local attacker to execute certain commands in any other context of the affected system.
(CVE-2013-5506)

- A flaw exists in FWSM in the SQL*Net Inspection Engine that could allow a remote denial of service that could be triggered when handling a malformed TNS packet.
(CVE-2013-5508)

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20131009-fwsm.

See Also

http://www.nessus.org/u?6e584d57

Plugin Details

Severity: Medium

ID: 70493

File Name: cisco-sa-20131009-fwsm.nasl

Version: 1.12

Type: local

Family: CISCO

Published: 2013/10/18

Updated: 2019/11/27

Dependencies: 69922

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2013-5506

CVSS v2.0

Base Score: 6.6

Temporal Score: 4.9

Vector: CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/h:cisco:firewall_services_module

Required KB Items: Host/Cisco/FWSM/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/10/09

Vulnerability Publication Date: 2013/10/09

Reference Information

CVE: CVE-2013-5506, CVE-2013-5508

BID: 62912, 62918