製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の Cisco 製品におけるサービス運用妨害 (DoS) の脆弱性

Title	複数の Cisco 製品におけるサービス運用妨害 (DoS) の脆弱性
Summary	複数の Cisco 製品の SSH 実装には、サービス運用妨害 (DoS) の脆弱性が存在します。この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC が開発者との調整を行いました。報告者: 株式会社富士通研究所兒島尚氏、中田正弘氏
Possible impacts	遠隔の第三者によって、サービス運用妨害 (DoS) 攻撃を受ける可能性があります。
Solution	[アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。
Publication Date	March 7, 2013, midnight
Registration Date	March 7, 2013, 12:01 p.m.
Last Update	March 11, 2013, 4:20 p.m.

CVSS2.0 : 危険
Score	7.8
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:C

Affected System

シスコシステムズ

Cisco Small Business 200 シリーズスマートスイッチ (1.2.7.76 およびそれ以前)

Cisco Small Business 200 シリーズスマートスイッチソフトウェア 1.2.7.76 およびそれ以前

Cisco Small Business 300 シリーズマネージドスイッチ (1.2.7.76 およびそれ以前)

Cisco Small Business 500 Series Stackable Managed Switch (1.2.7.76 およびそれ以前)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-1154	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1154
National Vulnerability Database (NVD)
2	CVE-2013-1154	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1154

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Cisco
1	Cisco Small Business Switches SSH Packet Processing Denial of Service Vulnerability	http://tools.cisco.com/security/center/viewAlert.x?alertId=27502

その他

No	Name	URL
IPA 重要なセキュリティ情報
1	複数のCisco製スイッチの脆弱性対策について	http://www.ipa.go.jp/about/press/20130307.html
JVN
2	JVN#05132866	http://jvn.jp/jp/JVN05132866/index.html

Change Log

No	Changed Details	Date of change
0	[2013年03月07日] 掲載 [2013年03月11日] 影響を受けるシステム：内容を更新	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2013-1154

Summary	The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, Small Business 300 Series Managed Switch 1.2.7.76 and earlier, and Small Business 500 Series Stackable Managed Switch 1.2.7.76 and earlier allow remote attackers to cause a denial of service (SSL/TLS layer outage) via malformed (1) SSH or (2) SSL packets, aka Bug ID CSCua30246.
Publication Date	March 8, 2013, 5:55 a.m.
Registration Date	Jan. 26, 2021, 3:35 p.m.
Last Update	Nov. 21, 2024, 10:49 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:cisco:200_series_smart_switches:sf200-24:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sf200-24p:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sf200-48:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sf200-48p:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sg200-08:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sg200-08p:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sg200-18:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sg200-26:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sg200-26p:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sg200-50:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sg200-50p:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:h:cisco:300_series_managed_switches:sf300-08:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf300-24:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf300-24mp:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf300-24p:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf300-48:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf300-48p:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf302-08:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf302-08mp:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf302-08p:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-10:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-10mp:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-10p:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-10sfp:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-20:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-28:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-28mp:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-28p:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-52:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-52mp:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-52p:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:cisco:200_series_smart_switches_software::::::::		1.2.7.76
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sf500-24:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sf500-24p:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sf500-48:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sf500-48p:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500-28:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500-28p:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500-52:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500-52p:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500x-24:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500x-24p:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500x-48:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500x-48p:::::::*

Related information, measures and tools

No	URL	タグ
1	http://jvn.jp/en/jp/JVN05132866/index.html
2	http://jvn.jp/en/jp/JVN05132866/index.html
3	http://jvndb.jvn.jp/jvndb/JVNDB-2013-000017
4	http://jvndb.jvn.jp/jvndb/JVNDB-2013-000017
5	http://tools.cisco.com/security/center/viewAlert.x?alertId=27502	Vendor Advisory
6	http://tools.cisco.com/security/center/viewAlert.x?alertId=27502	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:cisco:200_series_smart_switches:sf200-24:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sf200-24p:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sf200-48:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sf200-48p:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sg200-08:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sg200-08p:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sg200-18:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sg200-26:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sg200-26p:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sg200-50:::::::*
cpe:2.3:h:cisco:200_series_smart_switches:sg200-50p:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:h:cisco:300_series_managed_switches:sf300-08:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf300-24:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf300-24mp:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf300-24p:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf300-48:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf300-48p:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf302-08:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf302-08mp:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sf302-08p:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-10:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-10mp:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-10p:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-10sfp:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-20:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-28:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-28mp:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-28p:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-52:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-52mp:::::::*
cpe:2.3:h:cisco:300_series_managed_switches:sg300-52p:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:cisco:200_series_smart_switches_software::::::::		1.2.7.76
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sf500-24:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sf500-24p:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sf500-48:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sf500-48p:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500-28:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500-28p:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500-52:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500-52p:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500x-24:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500x-24p:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500x-48:::::::*
cpe:2.3:h:cisco:500_series_stackable_managed_switches:sg500x-48p:::::::*