Vulnerability Details : CVE-2013-5663
The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195.
Exploit prediction scoring system (EPSS) score for CVE-2013-5663
Probability of exploitation activity in the next 30 days: 1.77%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-5663
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2013-5663
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5663
-
http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/
App-ID Cache Pollution Update
-
https://security.paloaltonetworks.com/CVE-2013-5663
CVE-2013-5663 App-ID Cache Poisoning
-
http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20(Brad%20Woodberg%20-%20Final).pptx
-
http://pastie.org/pastes/5568186/text
404 Not FoundExploit
Products affected by CVE-2013-5663
- cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.1.8:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.1.8-h3:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:5.0.0-h1:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.1.10:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.1.9:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:paloaltonetworks:pan-os:4.1.5:*:*:*:*:*:*:*