ID
VAR-201401-0341
CVE
CVE-2014-0677
TITLE
Cisco NX-OS Label Distribution Protocol Message Remote Denial of Service Vulnerability
Trust: 0.9
DESCRIPTION
The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. The vulnerability is due to a vulnerability in analytic malformed LDP Hello messages, which an attacker could send to the affected device to trigger the vulnerability. Cisco NX-OS is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCul88851. Cisco NX-OS is a data center-oriented operating system developed by Cisco
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | nx-os | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | cisco | model: | nx-os | scope: | lte | version: | 6.2(2a) | Trust: 0.8 |
| vendor: | cisco | model: | nx-os software | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.2(1) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0(3) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 4.2(6) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 4.2(4) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 4.2(3) | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Cisco NX-OS Software Label Distribution Protocol Message Vulnerability | url: | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0677 | Trust: 0.8 |
| title: | 32532 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=32532 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2014-0677 | Trust: 3.4 |
| db: | BID | id: | 65074 | Trust: 2.0 |
| db: | SECTRACK | id: | 1029691 | Trust: 1.1 |
| db: | SECUNIA | id: | 56611 | Trust: 1.1 |
| db: | OSVDB | id: | 102368 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2014-001235 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201401-430 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2014-00586 | Trust: 0.6 |
| db: | CISCO | id: | 20140122 CISCO NX-OS SOFTWARE LABEL DISTRIBUTION PROTOCOL MESSAGE VULNERABILITY | Trust: 0.6 |
| db: | VULHUB | id: | VHN-68170 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0677 | Trust: 2.3 |
| url: | http://www.securityfocus.com/bid/65074 | Trust: 1.1 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=32532 | Trust: 1.1 |
| url: | http://osvdb.org/102368 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id/1029691 | Trust: 1.1 |
| url: | http://secunia.com/advisories/56611 | Trust: 1.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/90623 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0677 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0677 | Trust: 0.8 |
| url: | https://tools.cisco.com/bugsearch/bug/cscul88851 | Trust: 0.6 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2014-00586 |
| db: | VULHUB | id: | VHN-68170 |
| db: | BID | id: | 65074 |
| db: | JVNDB | id: | JVNDB-2014-001235 |
| db: | CNNVD | id: | CNNVD-201401-430 |
| db: | NVD | id: | CVE-2014-0677 |
LAST UPDATE DATE
2024-11-23T22:52:53.684000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-00586 | date: | 2014-01-24T00:00:00 |
| db: | VULHUB | id: | VHN-68170 | date: | 2017-08-29T00:00:00 |
| db: | BID | id: | 65074 | date: | 2014-01-25T00:45:00 |
| db: | JVNDB | id: | JVNDB-2014-001235 | date: | 2014-01-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-201401-430 | date: | 2014-01-30T00:00:00 |
| db: | NVD | id: | CVE-2014-0677 | date: | 2024-11-21T02:02:38.600 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-00586 | date: | 2014-01-24T00:00:00 |
| db: | VULHUB | id: | VHN-68170 | date: | 2014-01-22T00:00:00 |
| db: | BID | id: | 65074 | date: | 2014-01-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-001235 | date: | 2014-01-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-201401-430 | date: | 2014-01-30T00:00:00 |
| db: | NVD | id: | CVE-2014-0677 | date: | 2014-01-22T21:55:03.637 |