CVE-2013-1155

Published: Apr 11, 2013Modified: Apr 29, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

The auth-proxy functionality in Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(20.1), 4.0 before 4.0(15.2), and 4.1 before 4.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCtg02624.

Affected (43)

Products: Cisco: Firewall Services Module Software

Cisco

1 product

Firewall Services Module Software

Configuration A

43 vulnerable

Vulnerable Software	Affected Versions
Cisco Firewall Services Module Software	Version 3.1
Cisco Firewall Services Module Software	Version 3.2
Cisco Firewall Services Module Software	Version 3.2(10)
Cisco Firewall Services Module Software	Version 3.2(11)
Cisco Firewall Services Module Software	Version 3.2(12)
Cisco Firewall Services Module Software	Version 3.2(13)
Cisco Firewall Services Module Software	Version 3.2(14)
Cisco Firewall Services Module Software	Version 3.2(15)
Cisco Firewall Services Module Software	Version 3.2(16)
Cisco Firewall Services Module Software	Version 3.2(17)
Cisco Firewall Services Module Software	Version 3.2(18)
Cisco Firewall Services Module Software	Version 3.2(19)
Cisco Firewall Services Module Software	Version 3.2(1)
Cisco Firewall Services Module Software	Version 3.2(20)
Cisco Firewall Services Module Software	Version 3.2(2)
Cisco Firewall Services Module Software	Version 3.2(3)
Cisco Firewall Services Module Software	Version 3.2(4)
Cisco Firewall Services Module Software	Version 3.2(5)
Cisco Firewall Services Module Software	Version 3.2(6)
Cisco Firewall Services Module Software	Version 3.2(7)
Cisco Firewall Services Module Software	Version 3.2(8)
Cisco Firewall Services Module Software	Version 3.2(9)
Cisco Firewall Services Module Software	Version 4.0
Cisco Firewall Services Module Software	Version 4.0(10)
Cisco Firewall Services Module Software	Version 4.0(11)
Cisco Firewall Services Module Software	Version 4.0(12)
Cisco Firewall Services Module Software	Version 4.0(13)
Cisco Firewall Services Module Software	Version 4.0(14)
Cisco Firewall Services Module Software	Version 4.0(15)
Cisco Firewall Services Module Software	Version 4.0(1)
Cisco Firewall Services Module Software	Version 4.0(2)
Cisco Firewall Services Module Software	Version 4.0(3)
Cisco Firewall Services Module Software	Version 4.0(4)
Cisco Firewall Services Module Software	Version 4.0(5)
Cisco Firewall Services Module Software	Version 4.0(6)
Cisco Firewall Services Module Software	Version 4.0(7)
Cisco Firewall Services Module Software	Version 4.0(8)
Cisco Firewall Services Module Software	Version 4.1
Cisco Firewall Services Module Software	Version 4.1(1)
Cisco Firewall Services Module Software	Version 4.1(2)
Cisco Firewall Services Module Software	Version 4.1(3)
Cisco Firewall Services Module Software	Version 4.1(4)
Cisco Firewall Services Module Software	Version 4.1(5)

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.