Details of VAR-201402-0383

ID

VAR-201402-0383

CVE

CVE-2014-2103

TITLE

Cisco Intrusion Prevention System Service disruption in software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001512

DESCRIPTION

Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309. Vendors have confirmed this vulnerability Bug ID CSCum52355 and CSCul49309 It is released as.Malformed by a third party SNMP Service disruption via packets (MainApp Stop process ) There is a possibility of being put into a state. Attackers can exploit this issue to cause the MainApp process to become unresponsive, which leads to denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCum52355 and CSCul49309. The system can immediately interrupt, adjust or isolate some abnormal or harmful network data transmission behaviors

Trust: 1.98

sources: NVD: CVE-2014-2103 // JVNDB: JVNDB-2014-001512 // BID: 65864 // VULHUB: VHN-70042

AFFECTED PRODUCTS

vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(6\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(2\)e3	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(1\)e3	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(2\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(8\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(3\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(4\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(5a\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	6.0	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(7\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0	Trust: 1.0
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(9\)e4	Trust: 1.0
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	6.0.2.0	Trust: 1.0
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.1	Trust: 1.0
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.1	Trust: 1.0
vendor:	cisco	model:	intrusion prevention system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	intrusion prevention system software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2014-001512 // CNNVD: CNNVD-201402-473 // NVD: CVE-2014-2103

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2103
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2103
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201402-473
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70042
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2103
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70042
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70042 // JVNDB: JVNDB-2014-001512 // CNNVD: CNNVD-201402-473 // NVD: CVE-2014-2103

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-70042 // JVNDB: JVNDB-2014-001512 // NVD: CVE-2014-2103

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-473

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201402-473

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001512

PATCH

title:

Cisco IPS MainApp SNMP Denial of Service Vulnerability

url:

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2103

Trust: 0.8

sources: JVNDB: JVNDB-2014-001512

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2103	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-001512	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-473	Trust: 0.7
db:	CISCO	id:	20140227 CISCO IPS MAINAPP SNMP DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	BID	id:	65864	Trust: 0.4
db:	VULHUB	id:	VHN-70042	Trust: 0.1

sources: VULHUB: VHN-70042 // BID: 65864 // JVNDB: JVNDB-2014-001512 // CNNVD: CNNVD-201402-473 // NVD: CVE-2014-2103

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2103	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2103	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2103	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-70042 // BID: 65864 // JVNDB: JVNDB-2014-001512 // CNNVD: CNNVD-201402-473 // NVD: CVE-2014-2103

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 65864

SOURCES

db:	VULHUB	id:	VHN-70042
db:	BID	id:	65864
db:	JVNDB	id:	JVNDB-2014-001512
db:	CNNVD	id:	CNNVD-201402-473
db:	NVD	id:	CVE-2014-2103

LAST UPDATE DATE

2024-11-23T22:18:38.385000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70042	date:	2014-02-28T00:00:00
db:	BID	id:	65864	date:	2014-03-07T00:52:00
db:	JVNDB	id:	JVNDB-2014-001512	date:	2014-03-03T00:00:00
db:	CNNVD	id:	CNNVD-201402-473	date:	2014-02-28T00:00:00
db:	NVD	id:	CVE-2014-2103	date:	2024-11-21T02:05:39.637

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70042	date:	2014-02-27T00:00:00
db:	BID	id:	65864	date:	2014-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2014-001512	date:	2014-03-03T00:00:00
db:	CNNVD	id:	CNNVD-201402-473	date:	2014-02-28T00:00:00
db:	NVD	id:	CVE-2014-2103	date:	2014-02-27T20:55:06.957