ID

VAR-201404-0581


CVE

CVE-2014-2144


TITLE

Cisco IOS XR Software ICMPv6 Processing Denial of Service Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-02177 // BID: 66658

DESCRIPTION

Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A denial of service vulnerability exists in Cisco IOS XR. Attackers can exploit this issue to cause all or most of the IPv4 and IPv6 traffic to fail while being processed on an affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCum14266. The vulnerability is caused by the program not properly managing ICMPv6 redirected packets.

Trust: 2.52

sources: NVD: CVE-2014-2144 // JVNDB: JVNDB-2014-001917 // CNVD: CNVD-2014-02177 // BID: 66658 // VULHUB: VHN-70083

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02177

AFFECTED PRODUCTS

vendor: cisco, model: ios xr, scope: -, version: -

Trust: 2.0

vendor: cisco, model: ios xr, scope: eq, version: *

Trust: 1.0

sources: CNVD: CNVD-2014-02177 // JVNDB: JVNDB-2014-001917 // CNNVD: CNNVD-201404-067 // NVD: CVE-2014-2144

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2144
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2144
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-02177
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201404-067
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70083
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2144
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-02177
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-70083
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-02177 // VULHUB: VHN-70083 // JVNDB: JVNDB-2014-001917 // CNNVD: CNNVD-201404-067 // NVD: CVE-2014-2144

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-70083 // JVNDB: JVNDB-2014-001917 // NVD: CVE-2014-2144

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201404-067

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201404-067

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001917

PATCH

title: Cisco IOS XR Software ICMPv6 Redirect Vulnerability
url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2144

Trust: 0.8

title: Cisco IOS XR Software ICMPv6 Processing Denial of Service Vulnerability Patch
url: https://www.cnvd.org.cn/patchInfo/show/44699

Trust: 0.6

sources: CNVD: CNVD-2014-02177 // JVNDB: JVNDB-2014-001917

EXTERNAL IDS

db: NVD, id: CVE-2014-2144

Trust: 3.4

db: BID, id: 66658

Trust: 1.0

db: JVNDB, id: JVNDB-2014-001917

Trust: 0.8

db: CNNVD, id: CNNVD-201404-067

Trust: 0.7

db: OSVDB, id: 105412

Trust: 0.6

db: CNVD, id: CNVD-2014-02177

Trust: 0.6

db: CISCO, id: 20140404 CISCO IOS XR SOFTWARE ICMPV6 REDIRECT VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-70083

Trust: 0.1

sources: CNVD: CNVD-2014-02177 // VULHUB: VHN-70083 // BID: 66658 // JVNDB: JVNDB-2014-001917 // CNNVD: CNNVD-201404-067 // NVD: CVE-2014-2144

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2144

Trust: 2.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2144

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2144

Trust: 0.8

url:http://www.securityfocus.com/bid/66658

Trust: 0.6

url:http://osvdb.com/show/osvdb/105412

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps5845/index.html

Trust: 0.3

sources: CNVD: CNVD-2014-02177 // VULHUB: VHN-70083 // BID: 66658 // JVNDB: JVNDB-2014-001917 // CNNVD: CNNVD-201404-067 // NVD: CVE-2014-2144

CREDITS

Cisco

Trust: 0.3

sources: BID: 66658

SOURCES

db: CNVD, id: CNVD-2014-02177
db: VULHUB, id: VHN-70083
db: BID, id: 66658
db: JVNDB, id: JVNDB-2014-001917
db: CNNVD, id: CNNVD-201404-067
db: NVD, id: CVE-2014-2144

LAST UPDATE DATE

2024-11-23T22:49:31.703000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-02177, date: 2014-04-10T00:00:00
db: VULHUB, id: VHN-70083, date: 2014-04-07T00:00:00
db: BID, id: 66658, date: 2014-04-08T00:38:00
db: JVNDB, id: JVNDB-2014-001917, date: 2014-04-08T00:00:00
db: CNNVD, id: CNNVD-201404-067, date: 2014-04-09T00:00:00
db: NVD, id: CVE-2014-2144, date: 2024-11-21T02:05:44.220

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-02177, date: 2014-04-10T00:00:00
db: VULHUB, id: VHN-70083, date: 2014-04-05T00:00:00
db: BID, id: 66658, date: 2014-04-04T00:00:00
db: JVNDB, id: JVNDB-2014-001917, date: 2014-04-08T00:00:00
db: CNNVD, id: CNNVD-201404-067, date: 2014-04-09T00:00:00
db: NVD, id: CVE-2014-2144, date: 2014-04-05T04:01:38.687