Details of VAR-201403-0463

ID

VAR-201403-0463

CVE

CVE-2014-2113

TITLE

Cisco IOS and IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001831

DESCRIPTION

Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540. There is a possibility. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A remote denial of service vulnerability exists in Cisco IOS/IOS XE-specific IPv6 packet processing I/O. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCui59540. The following releases are affected: Cisco IOS Releases 15.1 through 15.3; IOS XE Release 3.3, Release 3.5 prior to 3.5.2E, Release 3.7 prior to 3.7.5S, Release 3.8, Release 3.9, Release 3.10 prior to 3.10.2S

Trust: 2.52

sources: NVD: CVE-2014-2113 // JVNDB: JVNDB-2014-001831 // CNVD: CNVD-2014-01992 // BID: 66467 // VULHUB: VHN-70052

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01992

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.3s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3s\(.1\)	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3s\(.2\)	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3s\(.0\)	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1sg	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.0s	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.xs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5s\(.2\)	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5s\(.0\)	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8s\(.0\)	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8s\(.2\)	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s\(.1\)	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s\(.0\)	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8s\(.1\)	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.1s1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5s\(.1\)	Trust: 1.0
vendor:	cisco	model:	ios 15.2ja	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 15.2m	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 15.3m	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 15.3t	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.5	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.10	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.2s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.1 to 15.3	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.5s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.2e	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.7	Trust: 0.8
vendor:	cisco	model:	ios xe 3.3xxo	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.5.1e	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.7.4s	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.8.xs	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.9.xs	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.10.1s	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1xo	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2ex	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2e	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2ey	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2gc	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2 jb	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2 jb3a	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2jbx	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2jn	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2 s5	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.3s	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2 gc	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.3 s2	scope:	ne	version:	-	Trust: 0.6
vendor:	rockwell	model:	automation stratix	scope:	eq	version:	59000	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7.xs	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.5.xe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10.xs	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4 t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 e	scope:	-	version:	-	Trust: 0.3
vendor:	rockwell	model:	automation stratix	scope:	ne	version:	590015.6.3	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7.5s	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.5.2e	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10.2s	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 m2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 t3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 s5	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 gc1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 e2	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-01992 // BID: 66467 // JVNDB: JVNDB-2014-001831 // CNNVD: CNNVD-201403-512 // NVD: CVE-2014-2113

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2113
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2113
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-01992
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201403-512
value:	HIGH
Trust: 0.6
VULHUB:	VHN-70052
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2113
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01992
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-70052
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-01992 // VULHUB: VHN-70052 // JVNDB: JVNDB-2014-001831 // CNNVD: CNNVD-201403-512 // NVD: CVE-2014-2113

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-70052 // JVNDB: JVNDB-2014-001831 // NVD: CVE-2014-2113

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-512

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201403-512

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001831

PATCH

title:	cisco-sa-20140326-ipv6	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ipv6	Trust: 0.8
title:	33351	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33351	Trust: 0.8
title:	cisco-sa-20140326-ipv6	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122244_cisco-sa-20140326-ipv6-j.html	Trust: 0.8
title:	Patch for I/O Remote Denial of Service Vulnerability in Cisco IOS/IOS XE-Specific IPv6 Packets	url:	https://www.cnvd.org.cn/patchInfo/show/44542	Trust: 0.6

sources: CNVD: CNVD-2014-01992 // JVNDB: JVNDB-2014-001831

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2113	Trust: 3.4
db:	BID	id:	66467	Trust: 2.0
db:	SECUNIA	id:	57635	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-001831	Trust: 0.8
db:	CNNVD	id:	CNNVD-201403-512	Trust: 0.7
db:	OSVDB	id:	104968	Trust: 0.6
db:	CNVD	id:	CNVD-2014-01992	Trust: 0.6
db:	CISCO	id:	20140326 CISCO IOS SOFTWARE CRAFTED IPV6 PACKET DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	ICS CERT	id:	ICSA-17-094-04	Trust: 0.3
db:	SEEBUG	id:	SSVID-61985	Trust: 0.1
db:	VULHUB	id:	VHN-70052	Trust: 0.1

sources: CNVD: CNVD-2014-01992 // VULHUB: VHN-70052 // BID: 66467 // JVNDB: JVNDB-2014-001831 // CNNVD: CNNVD-201403-512 // NVD: CVE-2014-2113

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140326-ipv6	Trust: 2.6
url:	http://www.securityfocus.com/bid/66467	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2113	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2113	Trust: 0.8
url:	http://osvdb.com/show/osvdb/104968	Trust: 0.6
url:	http://secunia.com/advisories/57635/	Trust: 0.6
url:	http://secunia.com/advisories/57635	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-094-04	Trust: 0.3

sources: CNVD: CNVD-2014-01992 // VULHUB: VHN-70052 // BID: 66467 // JVNDB: JVNDB-2014-001831 // CNNVD: CNNVD-201403-512 // NVD: CVE-2014-2113

CREDITS

Cisco

Trust: 0.3

sources: BID: 66467

SOURCES

db:	CNVD	id:	CNVD-2014-01992
db:	VULHUB	id:	VHN-70052
db:	BID	id:	66467
db:	JVNDB	id:	JVNDB-2014-001831
db:	CNNVD	id:	CNNVD-201403-512
db:	NVD	id:	CVE-2014-2113

LAST UPDATE DATE

2024-11-23T20:21:26.672000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01992	date:	2014-03-28T00:00:00
db:	VULHUB	id:	VHN-70052	date:	2017-05-23T00:00:00
db:	BID	id:	66467	date:	2017-05-23T16:24:00
db:	JVNDB	id:	JVNDB-2014-001831	date:	2014-03-31T00:00:00
db:	CNNVD	id:	CNNVD-201403-512	date:	2014-03-28T00:00:00
db:	NVD	id:	CVE-2014-2113	date:	2024-11-21T02:05:40.570

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-01992	date:	2014-03-28T00:00:00
db:	VULHUB	id:	VHN-70052	date:	2014-03-27T00:00:00
db:	BID	id:	66467	date:	2014-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2014-001831	date:	2014-03-31T00:00:00
db:	CNNVD	id:	CNNVD-201403-512	date:	2014-03-28T00:00:00
db:	NVD	id:	CVE-2014-2113	date:	2014-03-27T21:55:09.110