Details of VAR-201404-0576

ID

VAR-201404-0576

CVE

CVE-2014-2139

TITLE

Cisco ONS 15454 Service operation interruption in controller card software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001970

DESCRIPTION

Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315. Cisco ONS 15454 Controller card software does not interfere with service operation ( Stop flash programming ) There are vulnerabilities that are put into a state. Cisco ONS 15454 System Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to prevent system write access to the flash memory. This issue is being tracked by Cisco bug ID CSCug97315. Cisco ONS 15454 is a set of optical network multi-service transmission platform of American Cisco (Cisco). The platform leverages optical transport technologies such as Resilient Packet Ring (RPR), SDH, and DWDM/CWDM to integrate Ethernet, IP, storage, and TDM services to deliver next-generation voice, data services, and more. Controller Cards is one of the control cards

Trust: 1.98

sources: NVD: CVE-2014-2139 // JVNDB: JVNDB-2014-001970 // BID: 66684 // VULHUB: VHN-70078

AFFECTED PRODUCTS

vendor:	cisco	model:	ons 15454 system software	scope:	lte	version:	9.6	Trust: 1.8
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.4	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.0	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.2.1	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.2.2	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.3	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.1	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.2	Trust: 1.6
vendor:	cisco	model:	ons 15454	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ons 15454	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.6	Trust: 0.6

sources: JVNDB: JVNDB-2014-001970 // CNNVD: CNNVD-201404-180 // NVD: CVE-2014-2139

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2139
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2139
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201404-180
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70078
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2139
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70078
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70078 // JVNDB: JVNDB-2014-001970 // CNNVD: CNNVD-201404-180 // NVD: CVE-2014-2139

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-2139

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-180

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 66684

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001970

PATCH

title:	Cisco ONS 15454 Controller Card Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2139	Trust: 0.8
title:	33681	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33681	Trust: 0.8

sources: JVNDB: JVNDB-2014-001970

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2139	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-001970	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-180	Trust: 0.7
db:	CISCO	id:	20140407 CISCO ONS 15454 CONTROLLER CARD DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	SECUNIA	id:	57814	Trust: 0.6
db:	BID	id:	66684	Trust: 0.4
db:	VULHUB	id:	VHN-70078	Trust: 0.1

sources: VULHUB: VHN-70078 // BID: 66684 // JVNDB: JVNDB-2014-001970 // CNNVD: CNNVD-201404-180 // NVD: CVE-2014-2139

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2139	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=33681	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2139	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2139	Trust: 0.8
url:	http://secunia.com/advisories/57814	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-70078 // BID: 66684 // JVNDB: JVNDB-2014-001970 // CNNVD: CNNVD-201404-180 // NVD: CVE-2014-2139

CREDITS

Cisco

Trust: 0.3

sources: BID: 66684

SOURCES

db:	VULHUB	id:	VHN-70078
db:	BID	id:	66684
db:	JVNDB	id:	JVNDB-2014-001970
db:	CNNVD	id:	CNNVD-201404-180
db:	NVD	id:	CVE-2014-2139

LAST UPDATE DATE

2024-11-23T22:13:43.879000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70078	date:	2014-04-14T00:00:00
db:	BID	id:	66684	date:	2014-04-17T01:02:00
db:	JVNDB	id:	JVNDB-2014-001970	date:	2014-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201404-180	date:	2014-04-16T00:00:00
db:	NVD	id:	CVE-2014-2139	date:	2024-11-21T02:05:43.643

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70078	date:	2014-04-12T00:00:00
db:	BID	id:	66684	date:	2014-04-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-001970	date:	2014-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201404-180	date:	2014-04-16T00:00:00
db:	NVD	id:	CVE-2014-2139	date:	2014-04-12T04:37:31.817