Details of VAR-201404-0573

ID

VAR-201404-0573

CVE

CVE-2014-2129

TITLE

Cisco Adaptive Security Appliance Software SIP Service disruption in inspection engines (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001942

DESCRIPTION

The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052. Cisco ASA Software is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuh44052

Trust: 2.07

sources: NVD: CVE-2014-2129 // JVNDB: JVNDB-2014-001942 // BID: 66745 // VULHUB: VHN-70068 // VULMON: CVE-2014-2129

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(6.5)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.2	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(2.5)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.1	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.4	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.0	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(3.1)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2(5.48)	Trust: 0.8

sources: JVNDB: JVNDB-2014-001942 // CNNVD: CNNVD-201404-116 // NVD: CVE-2014-2129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2129
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2129
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201404-116
value:	HIGH
Trust: 0.6
VULHUB:	VHN-70068
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-2129
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2129
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-70068
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70068 // VULMON: CVE-2014-2129 // JVNDB: JVNDB-2014-001942 // CNNVD: CNNVD-201404-116 // NVD: CVE-2014-2129

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-70068 // JVNDB: JVNDB-2014-001942 // NVD: CVE-2014-2129

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-116

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201404-116

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001942

PATCH

title:	cisco-sa-20140409-asa	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa	Trust: 0.8
title:	33625	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33625	Trust: 0.8
title:	cisco-sa-20140409-asa	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122330_cisco-sa-20140409-asa-j.html	Trust: 0.8
title:	Cisco: Multiple Vulnerabilities in Cisco ASA Software	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20140409-asa	Trust: 0.1

sources: VULMON: CVE-2014-2129 // JVNDB: JVNDB-2014-001942

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2129	Trust: 2.9
db:	JVNDB	id:	JVNDB-2014-001942	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-116	Trust: 0.7
db:	CISCO	id:	20140409 MULTIPLE VULNERABILITIES IN CISCO ASA SOFTWARE	Trust: 0.6
db:	BID	id:	66745	Trust: 0.4
db:	VULHUB	id:	VHN-70068	Trust: 0.1
db:	VULMON	id:	CVE-2014-2129	Trust: 0.1

sources: VULHUB: VHN-70068 // VULMON: CVE-2014-2129 // BID: 66745 // JVNDB: JVNDB-2014-001942 // CNNVD: CNNVD-201404-116 // NVD: CVE-2014-2129

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-asa	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2129	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2129	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=33625	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nmap.org/nsedoc/scripts/../scripts/http-vuln-cve2014-2129.html	Trust: 0.1

sources: VULHUB: VHN-70068 // VULMON: CVE-2014-2129 // BID: 66745 // JVNDB: JVNDB-2014-001942 // CNNVD: CNNVD-201404-116 // NVD: CVE-2014-2129

CREDITS

Cisco

Trust: 0.3

sources: BID: 66745

SOURCES

db:	VULHUB	id:	VHN-70068
db:	VULMON	id:	CVE-2014-2129
db:	BID	id:	66745
db:	JVNDB	id:	JVNDB-2014-001942
db:	CNNVD	id:	CNNVD-201404-116
db:	NVD	id:	CVE-2014-2129

LAST UPDATE DATE

2024-11-23T22:23:06.156000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70068	date:	2014-04-10T00:00:00
db:	VULMON	id:	CVE-2014-2129	date:	2023-08-15T00:00:00
db:	BID	id:	66745	date:	2014-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-001942	date:	2014-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201404-116	date:	2014-04-15T00:00:00
db:	NVD	id:	CVE-2014-2129	date:	2024-11-21T02:05:42.507

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70068	date:	2014-04-10T00:00:00
db:	VULMON	id:	CVE-2014-2129	date:	2014-04-10T00:00:00
db:	BID	id:	66745	date:	2014-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-001942	date:	2014-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201404-116	date:	2014-04-15T00:00:00
db:	NVD	id:	CVE-2014-2129	date:	2014-04-10T04:34:51.037