Summaryinfo

A vulnerability classified as problematic has been found in Cisco IOS. The affected element is an unknown function of the component Encryption. This manipulation causes resource management. This vulnerability is tracked as CVE-2013-1136. No exploit exists.

Detailsinfo

A vulnerability has been found in Cisco IOS (Router Operating System) (version now known) and classified as problematic. Affected by this vulnerability is some unknown processing of the component Encryption. The manipulation with an unknown input leads to a resource management vulnerability. The CWE definition for the vulnerability is CWE-399. As an impact it is known to affect availability. The summary by CVE is:

The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193.

The weakness was disclosed 05/13/2013 as CSCuc52193 as confirmed security notice (Website). It is possible to read the advisory at tools.cisco.com. This vulnerability is known as CVE-2013-1136 since 01/11/2013. The exploitation appears to be easy. Attacking locally is a requirement. Required for exploitation is a single authentication. The technical details are unknown and an exploit is not publicly available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• IOS

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion