CVE-2013-1147Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-20Improper Input Validation6 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedMar 28
Latest updateMay 17

Description

The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a PT resource, aka Bug ID CSCtz35999.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-4p29-f3rw-9cmg: The Protocol Translation (PT) functionality in Cisco IOS 122022-05-17
CVEList
CVE-2013-1147: The Protocol Translation (PT) functionality in Cisco IOS 122013-03-28

💥Exploits & PoCs

2
Exploit-DB
Microsoft SharePoint Server 2019 - Remote Code Execution (2)2021-07-23
Exploit-DB
Microsoft SharePoint Server 2019 - Remote Code Execution2020-08-17

📋Vendor Advisories

1
Cisco
Cisco IOS Software Protocol Translation Vulnerability2013-03-27
CVE-2013-1147 — Cisco IOS vulnerability | cvebase