CVE-2013-1155
CVE-2013-1155 is a high-severity vulnerability in Cisco Firewall Services Module Software with a CVSS 2.0 base score of 7.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-287.
Key facts
- Severity: High (CVSS 2.0 base score 7.8)
- EPSS exploit prediction: 1% (66th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-287
- Affected product: Cisco Firewall Services Module Software
- Published:
- Last modified:
Description
The auth-proxy functionality in Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(20.1), 4.0 before 4.0(15.2), and 4.1 before 4.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCtg02624.
Frequently asked questions
- What is CVE-2013-1155?
- The auth-proxy functionality in Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(20.1), 4.0 before 4.0(15.2), and 4.1 before 4.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCtg02624.
- How severe is CVE-2013-1155?
- CVE-2013-1155 has a CVSS 2.0 base score of 7.8, rated high severity.
- Is CVE-2013-1155 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (66th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2013-1155?
- CVE-2013-1155 primarily affects Cisco Firewall Services Module Software. In total, 43 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2013-1155?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2013-1155 published?
- CVE-2013-1155 was published on 2013-04-11 and last updated on 2026-06-16.
References
Affected products (43)
- cpe:2.3:a:cisco:firewall_services_module_software:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(4\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(5\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(6\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(7\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(8\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(9\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(10\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(11\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(12\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(13\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(14\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(15\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(16\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(17\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(18\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(19\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:3.2\(20\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0\(4\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0\(5\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0\(6\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0\(7\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0\(8\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0\(10\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0\(11\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0\(12\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0\(13\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0\(14\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.0\(15\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.1\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firewall_services_module_software:4.1\(2\):*:*:*:*:*:*:*
More vulnerabilities in Cisco Firewall Services Module Software
- CVE-2011-3298 — High (CVSS 7.9): Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series…
- CVE-2013-1149 — High (CVSS 7.8): Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2…
- CVE-2012-0356 — High (CVSS 7.8): Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst…
- CVE-2011-3303 — High (CVSS 7.8): Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series…
- CVE-2011-3302 — High (CVSS 7.8): Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series…
- CVE-2011-3301 — High (CVSS 7.8): Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series…
All CVEs affecting Cisco Firewall Services Module Software →
Other CWE-287 (Improper Authentication) vulnerabilities
- CVE-2026-45480 — Critical (CVSS 10.0): Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-46389 — Critical (CVSS 10.0): UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS…
- CVE-2026-10611 — Critical (CVSS 10.0): An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement.…
- CVE-2026-47280 — Critical (CVSS 10.0): Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a…
- CVE-2026-42822 — Critical (CVSS 10.0): Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges…
- CVE-2026-20182 — Critical (CVSS 10.0): May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and…
Browse all CWE-287 (Improper Authentication) vulnerabilities →