Sign-up

ID

VAR-201402-0197


CVE

CVE-2014-0719


TITLE

Cisco IPS Denial of service in the implementation of software control plane access lists (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001450

DESCRIPTION

The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394. Cisco IPS Software is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the MainApp process to become unresponsive, which leads to denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCui67394. The software protects against malware, worms, viruses, and more

Trust: 1.98

sources: NVD: CVE-2014-0719 // JVNDB: JVNDB-2014-001450 // BID: 65667 // VULHUB: VHN-68212

AFFECTED PRODUCTS

vendor:ciscomodel:ips sensor softwarescope:eqversion:7.1\(6\)e4

Trust: 1.6

vendor:ciscomodel:ips sensor softwarescope:eqversion:7.1\(2\)e4

Trust: 1.6

vendor:ciscomodel:ips sensor softwarescope:eqversion:7.1\(3\)e4

Trust: 1.6

vendor:ciscomodel:ips sensor softwarescope:eqversion:7.1\(7\)e4

Trust: 1.6

vendor:ciscomodel:ips sensor softwarescope:eqversion:7.1\(4\)e4

Trust: 1.6

vendor:ciscomodel:ips sensor softwarescope:eqversion:7.1\(8\)e4

Trust: 1.6

vendor:ciscomodel:ips sensor softwarescope:eqversion:7.2\(1\)e4

Trust: 1.6

vendor:ciscomodel:ips sensor softwarescope:lteversion:7.1\(1\)e4

Trust: 1.0

vendor:ciscomodel:ips softwarescope:eqversion:7.2(2)e4

Trust: 0.8

vendor:ciscomodel:ips softwarescope:ltversion:7.2

Trust: 0.8

vendor:ciscomodel:ips sensor softwarescope:eqversion:7.1\(1\)e4

Trust: 0.6

vendor:ciscomodel:ips series sensorsscope:eqversion:4200

Trust: 0.3

sources: BID: 65667 // JVNDB: JVNDB-2014-001450 // CNNVD: CNNVD-201402-317 // NVD: CVE-2014-0719

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0719
value: HIGH

Trust: 1.0

NVD: CVE-2014-0719
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201402-317
value: HIGH

Trust: 0.6

VULHUB: VHN-68212
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0719
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68212
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68212 // JVNDB: JVNDB-2014-001450 // CNNVD: CNNVD-201402-317 // NVD: CVE-2014-0719

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-68212 // JVNDB: JVNDB-2014-001450 // NVD: CVE-2014-0719

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-317

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201402-317

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001450

PATCH
title:32605url:http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32605
Trust: 0.8
title:cisco-sa-20140219-ipsurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips
Trust: 0.8
title:32839url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32839
Trust: 0.8
title:cisco-sa-20140219-ipsurl:http://www.cisco.com/cisco/web/support/JP/112/1122/1122082_cisco-sa-20140219-ips-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001450

EXTERNAL IDS
db:NVDid:CVE-2014-0719
Trust: 2.8
db:JVNDBid:JVNDB-2014-001450
Trust: 0.8
db:CNNVDid:CNNVD-201402-317
Trust: 0.7
db:SECUNIAid:57049
Trust: 0.6
db:SECUNIAid:56980
Trust: 0.6
db:CISCOid:20140219 MULTIPLE VULNERABILITIES IN CISCO IPS SOFTWARE
Trust: 0.6
db:BIDid:65667
Trust: 0.4
db:VULHUBid:VHN-68212
Trust: 0.1
sources:
            
            
            VULHUB: VHN-68212 // 
            
            
            
            BID: 65667 // 
            
            
            
            JVNDB: JVNDB-2014-001450 // 
            
            
            
            CNNVD: CNNVD-201402-317 // 
            
            
            
            NVD: CVE-2014-0719

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140219-ips
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0719
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0719
Trust: 0.8
url:http://secunia.com/advisories/56980
Trust: 0.6
url:http://secunia.com/advisories/57049
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-68212 // 
            
            
            
            BID: 65667 // 
            
            
            
            JVNDB: JVNDB-2014-001450 // 
            
            
            
            CNNVD: CNNVD-201402-317 // 
            
            
            
            NVD: CVE-2014-0719

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 65667

SOURCES
db:VULHUBid:VHN-68212
db:BIDid:65667
db:JVNDBid:JVNDB-2014-001450
db:CNNVDid:CNNVD-201402-317
db:NVDid:CVE-2014-0719

LAST UPDATE DATE
2024-11-23T22:23:11.375000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-68212date:2016-09-08T00:00:00
db:BIDid:65667date:2014-02-19T00:00:00
db:JVNDBid:JVNDB-2014-001450date:2014-03-13T00:00:00
db:CNNVDid:CNNVD-201402-317date:2014-02-26T00:00:00
db:NVDid:CVE-2014-0719date:2024-11-21T02:02:41.073

SOURCES RELEASE DATE
db:VULHUBid:VHN-68212date:2014-02-22T00:00:00
db:BIDid:65667date:2014-02-19T00:00:00
db:JVNDBid:JVNDB-2014-001450date:2014-02-25T00:00:00
db:CNNVDid:CNNVD-201402-317date:2014-02-26T00:00:00
db:NVDid:CVE-2014-0719date:2014-02-22T21:55:09.577