Details of VAR-201404-0561

ID

VAR-201404-0561

CVE

CVE-2014-2183

TITLE

ASR 1000 Runs on the router Cisco IOS XE of L2TP Service disruption in modules (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002266

DESCRIPTION

The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The vulnerability is due to the failure to properly process L2TP packets. The attacker can use the vulnerability to send malformed L2TP packets to crash the service and cause a denial of service attack. Successful exploits may allow attackers to cause a reload of the affected ESP card, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCun09973

Trust: 2.52

sources: NVD: CVE-2014-2183 // JVNDB: JVNDB-2014-002266 // CNVD: CNVD-2014-02737 // BID: 67093 // VULHUB: VHN-70122

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-02737

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.1s1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.0s	Trust: 1.6
vendor:	cisco	model:	asr 1004	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1006	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1002	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1023 router	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1013	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1002 fixed router	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1002-x	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1001	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	lte	version:	3.10.2s	Trust: 1.0
vendor:	cisco	model:	asr 1001 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1002 fixed router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1002 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1002-x router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1004 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1006 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1013 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1023 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lte	version:	3.10s(.2)	Trust: 0.8
vendor:	cisco	model:	ios xe software 3.10s	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.2s	Trust: 0.6

sources: CNVD: CNVD-2014-02737 // JVNDB: JVNDB-2014-002266 // CNNVD: CNNVD-201404-567 // NVD: CVE-2014-2183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2183
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2183
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-02737
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201404-567
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70122
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2183
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-02737
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-70122
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-02737 // VULHUB: VHN-70122 // JVNDB: JVNDB-2014-002266 // CNNVD: CNNVD-201404-567 // NVD: CVE-2014-2183

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-70122 // JVNDB: JVNDB-2014-002266 // NVD: CVE-2014-2183

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-567

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201404-567

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002266

PATCH

title:	Cisco IOS XE Software Malformed L2TP Packet Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2183	Trust: 0.8
title:	33971	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33971	Trust: 0.8
title:	Patch for Cisco IOS XE Software L2TP Message Handling Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/45261	Trust: 0.6
title:	Cisco IOS XE Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164612	Trust: 0.6

sources: CNVD: CNVD-2014-02737 // JVNDB: JVNDB-2014-002266 // CNNVD: CNNVD-201404-567

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2183	Trust: 3.4
db:	BID	id:	67093	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-002266	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-567	Trust: 0.7
db:	CNVD	id:	CNVD-2014-02737	Trust: 0.6
db:	VULHUB	id:	VHN-70122	Trust: 0.1

sources: CNVD: CNVD-2014-02737 // VULHUB: VHN-70122 // BID: 67093 // JVNDB: JVNDB-2014-002266 // CNNVD: CNNVD-201404-567 // NVD: CVE-2014-2183

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=33971	Trust: 2.3
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2183	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2183	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2183	Trust: 0.8
url:	http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html	Trust: 0.3

sources: CNVD: CNVD-2014-02737 // VULHUB: VHN-70122 // BID: 67093 // JVNDB: JVNDB-2014-002266 // CNNVD: CNNVD-201404-567 // NVD: CVE-2014-2183

CREDITS

Cisco

Trust: 0.3

sources: BID: 67093

SOURCES

db:	CNVD	id:	CNVD-2014-02737
db:	VULHUB	id:	VHN-70122
db:	BID	id:	67093
db:	JVNDB	id:	JVNDB-2014-002266
db:	CNNVD	id:	CNNVD-201404-567
db:	NVD	id:	CVE-2014-2183

LAST UPDATE DATE

2024-11-23T22:35:16.066000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02737	date:	2014-05-04T00:00:00
db:	VULHUB	id:	VHN-70122	date:	2014-04-29T00:00:00
db:	BID	id:	67093	date:	2014-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2014-002266	date:	2014-04-30T00:00:00
db:	CNNVD	id:	CNNVD-201404-567	date:	2021-10-08T00:00:00
db:	NVD	id:	CVE-2014-2183	date:	2024-11-21T02:05:48.660

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-02737	date:	2014-05-04T00:00:00
db:	VULHUB	id:	VHN-70122	date:	2014-04-29T00:00:00
db:	BID	id:	67093	date:	2014-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2014-002266	date:	2014-04-30T00:00:00
db:	CNNVD	id:	CNNVD-201404-567	date:	2014-04-30T00:00:00
db:	NVD	id:	CVE-2014-2183	date:	2014-04-29T10:37:04.013