Details of VAR-201404-0577

ID

VAR-201404-0577

CVE

CVE-2014-2140

TITLE

Cisco ONS 15454 Service operation interruption in controller card software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001971

DESCRIPTION

Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348. Cisco ONS 15454 Controller card software does not interfere with service operation ( Reset card ) There are vulnerabilities that are put into a state. Cisco ONS 15454 System Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the control card to reset, denying service to legitimate users. This issue is being tracked by Cisco bug ID CSCug97348. Cisco ONS 15454 is a set of optical network multi-service transmission platform of American Cisco (Cisco). The platform leverages optical transport technologies such as Resilient Packet Ring (RPR), SDH, and DWDM/CWDM to integrate Ethernet, IP, storage, and TDM services to deliver next-generation voice, data services, and more. Controller Cards is one of the control cards

Trust: 1.98

sources: NVD: CVE-2014-2140 // JVNDB: JVNDB-2014-001971 // BID: 66685 // VULHUB: VHN-70079

AFFECTED PRODUCTS

vendor:	cisco	model:	ons 15454 system software	scope:	lte	version:	9.6	Trust: 1.8
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.4	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.0	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.2.1	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.2.2	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.3	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.1	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.2	Trust: 1.6
vendor:	cisco	model:	ons 15454	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ons 15454	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.6	Trust: 0.6

sources: JVNDB: JVNDB-2014-001971 // CNNVD: CNNVD-201404-181 // NVD: CVE-2014-2140

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2140
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2140
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201404-181
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70079
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2140
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70079
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70079 // JVNDB: JVNDB-2014-001971 // CNNVD: CNNVD-201404-181 // NVD: CVE-2014-2140

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-2140

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-181

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 66685

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001971

PATCH

title:	Cisco ONS 15454 Controller Card Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2140	Trust: 0.8
title:	33680	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33680	Trust: 0.8

sources: JVNDB: JVNDB-2014-001971

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2140	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-001971	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-181	Trust: 0.7
db:	CISCO	id:	20140407 CISCO ONS 15454 CONTROLLER CARD DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	SECUNIA	id:	57650	Trust: 0.6
db:	BID	id:	66685	Trust: 0.4
db:	VULHUB	id:	VHN-70079	Trust: 0.1

sources: VULHUB: VHN-70079 // BID: 66685 // JVNDB: JVNDB-2014-001971 // CNNVD: CNNVD-201404-181 // NVD: CVE-2014-2140

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2140	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=33680	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2140	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2140	Trust: 0.8
url:	http://secunia.com/advisories/57650	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-70079 // BID: 66685 // JVNDB: JVNDB-2014-001971 // CNNVD: CNNVD-201404-181 // NVD: CVE-2014-2140

CREDITS

Cisco

Trust: 0.3

sources: BID: 66685

SOURCES

db:	VULHUB	id:	VHN-70079
db:	BID	id:	66685
db:	JVNDB	id:	JVNDB-2014-001971
db:	CNNVD	id:	CNNVD-201404-181
db:	NVD	id:	CVE-2014-2140

LAST UPDATE DATE

2024-11-23T22:13:43.967000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70079	date:	2014-04-14T00:00:00
db:	BID	id:	66685	date:	2014-04-17T01:02:00
db:	JVNDB	id:	JVNDB-2014-001971	date:	2014-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201404-181	date:	2014-04-16T00:00:00
db:	NVD	id:	CVE-2014-2140	date:	2024-11-21T02:05:43.760

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70079	date:	2014-04-12T00:00:00
db:	BID	id:	66685	date:	2014-04-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-001971	date:	2014-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201404-181	date:	2014-04-16T00:00:00
db:	NVD	id:	CVE-2014-2140	date:	2014-04-12T04:37:31.847