Details of VAR-201404-0578

ID

VAR-201404-0578

CVE

CVE-2014-2141

TITLE

Cisco ONS 15454 Service disruption in controller card session termination function (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001943

DESCRIPTION

The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of service (card reset) via crafted session-close actions, aka Bug ID CSCug97416. Cisco ONS 15454 The controller card's session termination function does not initialize unspecified pointers. ( Card reset ) There are vulnerabilities that are put into a state. Cisco ONS 15454 System Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the control card to reset, denying service to legitimate users. This issue is being tracked by Cisco bug ID CSCug97416. Cisco ONS 15454 is a set of optical network multi-service transmission platform of American Cisco (Cisco). The platform leverages optical transport technologies such as Resilient Packet Ring (RPR), SDH, and DWDM/CWDM to integrate Ethernet, IP, storage, and TDM services to deliver next-generation voice, data services, and more. Controller Cards is one of the control cards. The vulnerability is caused by the fact that the program does not have an initialization pointer

Trust: 1.98

sources: NVD: CVE-2014-2141 // JVNDB: JVNDB-2014-001943 // BID: 66666 // VULHUB: VHN-70080

AFFECTED PRODUCTS

vendor:	cisco	model:	ons 15454 system software	scope:	lte	version:	9.6	Trust: 1.8
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.4	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.0	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.2.1	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.2.2	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.3	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.1	Trust: 1.6
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.2	Trust: 1.6
vendor:	cisco	model:	ons 15454	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ons 15454	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ons 15454 system software	scope:	eq	version:	9.6	Trust: 0.6

sources: JVNDB: JVNDB-2014-001943 // CNNVD: CNNVD-201404-117 // NVD: CVE-2014-2141

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2141
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2141
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201404-117
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70080
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2141
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70080
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70080 // JVNDB: JVNDB-2014-001943 // CNNVD: CNNVD-201404-117 // NVD: CVE-2014-2141

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-70080 // JVNDB: JVNDB-2014-001943 // NVD: CVE-2014-2141

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-117

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201404-117

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001943

PATCH

title:	Cisco ONS 15454 Controller Card Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2141	Trust: 0.8
title:	33682	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33682	Trust: 0.8

sources: JVNDB: JVNDB-2014-001943

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2141	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-001943	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-117	Trust: 0.7
db:	CISCO	id:	20140407 CISCO ONS 15454 CONTROLLER CARD DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	SECUNIA	id:	57712	Trust: 0.6
db:	BID	id:	66666	Trust: 0.4
db:	VULHUB	id:	VHN-70080	Trust: 0.1

sources: VULHUB: VHN-70080 // BID: 66666 // JVNDB: JVNDB-2014-001943 // CNNVD: CNNVD-201404-117 // NVD: CVE-2014-2141

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2141	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=33682	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2141	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2141	Trust: 0.8
url:	http://secunia.com/advisories/57712	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-70080 // BID: 66666 // JVNDB: JVNDB-2014-001943 // CNNVD: CNNVD-201404-117 // NVD: CVE-2014-2141

CREDITS

Cisco

Trust: 0.3

sources: BID: 66666

SOURCES

db:	VULHUB	id:	VHN-70080
db:	BID	id:	66666
db:	JVNDB	id:	JVNDB-2014-001943
db:	CNNVD	id:	CNNVD-201404-117
db:	NVD	id:	CVE-2014-2141

LAST UPDATE DATE

2024-11-23T22:13:43.908000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70080	date:	2014-04-10T00:00:00
db:	BID	id:	66666	date:	2014-04-17T01:12:00
db:	JVNDB	id:	JVNDB-2014-001943	date:	2014-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201404-117	date:	2014-04-14T00:00:00
db:	NVD	id:	CVE-2014-2141	date:	2024-11-21T02:05:43.877

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70080	date:	2014-04-10T00:00:00
db:	BID	id:	66666	date:	2014-04-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-001943	date:	2014-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201404-117	date:	2014-04-14T00:00:00
db:	NVD	id:	CVE-2014-2141	date:	2014-04-10T04:34:51.053