5.4
MEDIUM
CVE-2013-1100
Cisco IOS Catalyst DoS Vulnerability (Denial of Service)
Description

The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853.

INFO

Published Date :

Feb. 13, 2013, 11:55 p.m.

Last Modified :

Nov. 21, 2024, 1:48 a.m.

Remotely Exploitable :

Yes !

Impact Score :

6.9

Exploitability Score :

4.9
Affected Products

The following products are affected by CVE-2013-1100 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Cisco ios
2 Cisco catalyst_2820
3 Cisco catalyst_2900
4 Cisco catalyst_2901
5 Cisco catalyst_2902
6 Cisco catalyst_2920
7 Cisco catalyst_2926
8 Cisco catalyst_2926f
9 Cisco catalyst_2926gl
10 Cisco catalyst_2926gs
11 Cisco catalyst_2926t
12 Cisco catalyst_2940
13 Cisco catalyst_2948
14 Cisco catalyst_2948-ge-tx
15 Cisco catalyst_2948g-l3
16 Cisco catalyst_2950
17 Cisco catalyst_2950_lre
18 Cisco catalyst_2955
19 Cisco catalyst_2970
20 Cisco catalyst_2980g
21 Cisco catalyst_2980g-a
22 Cisco catalyst_3000
23 Cisco catalyst_3200
24 Cisco catalyst_3500_xl
25 Cisco catalyst_3550
26 Cisco catalyst_3560
27 Cisco catalyst_3750
28 Cisco catalyst_3750_metro
29 Cisco catalyst_3900
30 Cisco catalyst_4000
31 Cisco catalyst_4200
32 Cisco catalyst_4224
33 Cisco catalyst_4232
34 Cisco catalyst_4232-13
35 Cisco catalyst_4500
36 Cisco catalyst_4503
37 Cisco catalyst_4506
38 Cisco catalyst_4507r
39 Cisco catalyst_4510r
40 Cisco catalyst_4840g
41 Cisco catalyst_4908g-l3
42 Cisco catalyst_4912g
43 Cisco catalyst_4948
44 Cisco catalyst_5000
45 Cisco catalyst_5505
46 Cisco catalyst_5509
47 Cisco catalyst_6000
48 Cisco catalyst_6000_ws-svc-nam-1
49 Cisco catalyst_6000_ws-svc-nam-2
50 Cisco catalyst_6000_ws-x6380-nam
51 Cisco catalyst_6500
52 Cisco catalyst_6500_ws-svc-nam-1
53 Cisco catalyst_6500_ws-svc-nam-2
54 Cisco catalyst_6500_ws-x6380-nam
55 Cisco catalyst_6608
56 Cisco catalyst_6624
57 Cisco catalyst_7600
58 Cisco catalyst_7600_ws-svc-nam-1
59 Cisco catalyst_7600_ws-svc-nam-2
60 Cisco catalyst_7600_ws-x6380-nam
61 Cisco catalyst_8500
62 Cisco catalyst_8510csr
63 Cisco catalyst_8510msr
64 Cisco catalyst_8540csr
65 Cisco catalyst_8540msr
66 Cisco catalyst_ws-c2924-xl
67 Cisco catalyst_2900_vlan
68 Cisco catalyst_2900xl
69 Cisco catalyst_3500xl
70 Cisco catalyst_3750-x
71 Cisco catalyst_3750g
72 Cisco catalyst_6503-e
73 Cisco catalyst_6504-e
74 Cisco catalyst_6506-e
75 Cisco catalyst_6509-e
76 Cisco catalyst_6509-neb-a
77 Cisco catalyst_6509-v-e
78 Cisco catalyst_6513
79 Cisco catalyst_6513-e
80 Cisco catalyst_3560-e
81 Cisco catalyst_3560-x
82 Cisco catalyst_3750-e
83 Cisco catalyst_2948g
84 Cisco catalyst_3500
85 Cisco catalyst_5500
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2013-1100.

URL Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1100
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1100

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2013-1100 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2013-1100 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1100
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Feb. 14, 2013

    Action Type Old Value New Value
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2013-1100 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2013-1100 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.18 }} 0.04%

score

0.55666

percentile

CVSS2 - Vulnerability Scoring System
Access Vector
Access Complexity
Authentication
Confidentiality
Integrity
Availability