CVE-2013-5552

Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
ciscoios
𝑥
≤ 12.4\(24\)mdb14
ciscoios
12.4\(24\)md
ciscoios
12.4\(24\)md1
ciscoios
12.4\(24\)md2
ciscoios
12.4\(24\)md3
ciscoios
12.4\(24\)md4
ciscoios
12.4\(24\)md5
ciscoios
12.4\(24\)md5a
ciscoios
12.4\(24\)md6
ciscoios
12.4\(24\)md7
ciscoios
12.4\(24\)md8
ciscoios
12.4\(24\)md9
ciscoios
12.4\(24\)mda6
ciscoios
12.4\(24\)mda7
ciscoios
12.4\(24\)mda8
ciscoios
12.4\(24\)mda9
ciscoios
12.4\(24\)mda10
ciscoios
12.4\(24\)mda11
ciscoios
12.4\(24\)mda12
ciscoios
12.4\(24\)mda13
ciscoios
12.4\(24\)mdb10
ciscoios
12.4\(24\)mdb11
ciscoios
12.4\(24\)mdb12
ciscoios
12.4\(24\)mdb13
ciscoios
12.4mda12:mda12
ciscocontent_services_gateway
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5552
http://tools.cisco.com/security/center/viewAlert.x?alertId=31715
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5552
http://tools.cisco.com/security/center/viewAlert.x?alertId=31715