Detections
Analytics

Cisco Firewall Services Module Software Multiple Vulnerabilities (cisco-sa-20131009-fwsm)

medium Nessus Plugin ID 70493

Language:

Synopsis

The remote device is missing a vendor-supplied security update.

Description

The remote Cisco Firewall Services Module (FWSM) device is affected by one or both of the following vulnerabilities.

 - A flaw exists in FWSM that could allow an authenticated, unprivileged, local attacker to execute certain commands in any other context of the affected system.
 (CVE-2013-5506)

 - A flaw exists in FWSM in the SQL*Net Inspection Engine that could allow a remote denial of service that could be triggered when handling a malformed TNS packet.
 (CVE-2013-5508)

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20131009-fwsm.

See Also

http://www.nessus.org/u?6e584d57

Plugin Details

Severity: Medium

ID: 70493

File Name: cisco-sa-20131009-fwsm.nasl

Version: 1.12

Type: local

Family: CISCO

Published: 10/18/2013

Updated: 11/27/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.6

Temporal Score: 4.9

Vector: CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2013-5506

Vulnerability Information

CPE: cpe:/h:cisco:firewall_services_module

Required KB Items: Host/Cisco/FWSM/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/9/2013

Vulnerability Publication Date: 10/9/2013

Reference Information

CVE: CVE-2013-5506, CVE-2013-5508

BID: 62912, 62918