Sign-up

ID

VAR-201403-0475


CVE

CVE-2014-2106


TITLE

Cisco IOS and IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001825

DESCRIPTION

Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A remote denial of service vulnerability exists in Cisco IOS/IOS XE-specific SIP message processing. This issue is being tracked by Cisco Bug ID CSCug45898

Trust: 2.52

sources: NVD: CVE-2014-2106 // JVNDB: JVNDB-2014-001825 // CNVD: CNVD-2014-01991 // BID: 66465 // VULHUB: VHN-70045

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-01991

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:3.10.0s

Trust: 2.4

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)m1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.10.1s1

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)m

Trust: 1.6

vendor:ciscomodel:ios xe 3.10.1sscope: - version: -

Trust: 0.9

vendor:ciscomodel:ios xe 3.10.0sscope: - version: -

Trust: 0.9

vendor:ciscomodel:iosscope:eqversion:15.3(3)m

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:15.3(3)m1

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.10.1s

Trust: 0.8

vendor:ciscomodel:ios 15.3mscope: - version: -

Trust: 0.6

vendor:rockwellmodel:automation stratixscope:eqversion:59000

Trust: 0.3

vendor:ciscomodel:ios 15.3 m1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3 mscope: - version: -

Trust: 0.3

vendor:rockwellmodel:automation stratixscope:neversion:590015.6.3

Trust: 0.3

vendor:ciscomodel:ios xe 3.10.2sscope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2014-01991 // BID: 66465 // JVNDB: JVNDB-2014-001825 // CNNVD: CNNVD-201403-506 // NVD: CVE-2014-2106

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2106
value: HIGH

Trust: 1.0

NVD: CVE-2014-2106
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-01991
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201403-506
value: HIGH

Trust: 0.6

VULHUB: VHN-70045
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2106
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-01991
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-70045
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-01991 // VULHUB: VHN-70045 // JVNDB: JVNDB-2014-001825 // CNNVD: CNNVD-201403-506 // NVD: CVE-2014-2106

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-70045 // JVNDB: JVNDB-2014-001825 // NVD: CVE-2014-2106

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-506

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201403-506

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001825

PATCH
title:32537url:http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32537
Trust: 0.8
title:cisco-sa-20140326-sipurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-sip
Trust: 0.8
title:3864/0url:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=3864&signatureSubId=0&softwareVersion=6.0&releaseVersion=S781
Trust: 0.8
title:33344url:http://tools.cisco.com/security/center/viewAlert.x?alertId=33344
Trust: 0.8
title:cisco-sa-20140326-sipurl:http://www.cisco.com/cisco/web/support/JP/112/1122/1122243_cisco-sa-20140326-sip-j.html
Trust: 0.8
title:Patch for Cisco IOS/IOS XE-Specific SIP Message Handling Remote Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/44543
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-01991 // 
            
            
            
            JVNDB: JVNDB-2014-001825

EXTERNAL IDS
db:NVDid:CVE-2014-2106
Trust: 3.4
db:BIDid:66465
Trust: 1.0
db:JVNDBid:JVNDB-2014-001825
Trust: 0.8
db:OSVDBid:104969
Trust: 0.6
db:CNVDid:CNVD-2014-01991
Trust: 0.6
db:CISCOid:20140326 CISCO IOS SOFTWARE SESSION INITIATION PROTOCOL DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:SECUNIAid:57632
Trust: 0.6
db:CNNVDid:CNNVD-201403-506
Trust: 0.6
db:ICS CERTid:ICSA-17-094-04
Trust: 0.3
db:VULHUBid:VHN-70045
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-01991 // 
            
            
            
            VULHUB: VHN-70045 // 
            
            
            
            BID: 66465 // 
            
            
            
            JVNDB: JVNDB-2014-001825 // 
            
            
            
            CNNVD: CNNVD-201403-506 // 
            
            
            
            NVD: CVE-2014-2106

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140326-sip
Trust: 2.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2106
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2106
Trust: 0.8
url:http://osvdb.com/show/osvdb/104969
Trust: 0.6
url:http://secunia.com/advisories/57632
Trust: 0.6
url:http://www.cisco.com/public/sw-center/sw-ios.shtml
Trust: 0.3
url:https://ics-cert.us-cert.gov/advisories/icsa-17-094-04
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-01991 // 
            
            
            
            VULHUB: VHN-70045 // 
            
            
            
            BID: 66465 // 
            
            
            
            JVNDB: JVNDB-2014-001825 // 
            
            
            
            CNNVD: CNNVD-201403-506 // 
            
            
            
            NVD: CVE-2014-2106

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 66465

SOURCES
db:CNVDid:CNVD-2014-01991
db:VULHUBid:VHN-70045
db:BIDid:66465
db:JVNDBid:JVNDB-2014-001825
db:CNNVDid:CNNVD-201403-506
db:NVDid:CVE-2014-2106

LAST UPDATE DATE
2024-11-23T20:04:29.522000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-01991date:2014-03-28T00:00:00
db:VULHUBid:VHN-70045date:2014-03-28T00:00:00
db:BIDid:66465date:2017-05-23T16:25:00
db:JVNDBid:JVNDB-2014-001825date:2014-03-31T00:00:00
db:CNNVDid:CNNVD-201403-506date:2014-04-01T00:00:00
db:NVDid:CVE-2014-2106date:2024-11-21T02:05:39.867

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-01991date:2014-03-28T00:00:00
db:VULHUBid:VHN-70045date:2014-03-27T00:00:00
db:BIDid:66465date:2014-03-26T00:00:00
db:JVNDBid:JVNDB-2014-001825date:2014-03-31T00:00:00
db:CNNVDid:CNNVD-201403-506date:2014-03-28T00:00:00
db:NVDid:CVE-2014-2106date:2014-03-27T21:55:08.940