Details of VAR-201404-0583

ID

VAR-201404-0583

CVE

CVE-2014-2154

TITLE

Cisco Adaptive Security Appliance Software SIP Service disruption in inspection engines (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002244

DESCRIPTION

Memory leak in the SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and instability) via crafted SIP packets, aka Bug ID CSCuf67469. Cisco ASA Software is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to instability, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuf67469

Trust: 1.98

sources: NVD: CVE-2014-2154 // JVNDB: JVNDB-2014-002244 // BID: 67036 // VULHUB: VHN-70093

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	8.4(.6)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	0	Trust: 0.3

sources: BID: 67036 // JVNDB: JVNDB-2014-002244 // CNNVD: CNNVD-201404-474 // NVD: CVE-2014-2154

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2154
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2154
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201404-474
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70093
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2154
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70093
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70093 // JVNDB: JVNDB-2014-002244 // CNNVD: CNNVD-201404-474 // NVD: CVE-2014-2154

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-70093 // JVNDB: JVNDB-2014-002244 // NVD: CVE-2014-2154

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-474

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201404-474

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002244

PATCH

title:	Cisco ASA SIP Inspection Memory Leak Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2154	Trust: 0.8
title:	33904	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33904	Trust: 0.8

sources: JVNDB: JVNDB-2014-002244

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2154	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-002244	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-474	Trust: 0.7
db:	SECUNIA	id:	58242	Trust: 0.6
db:	CISCO	id:	20140422 CISCO ASA SIP INSPECTION MEMORY LEAK VULNERABILITY	Trust: 0.6
db:	BID	id:	67036	Trust: 0.4
db:	VULHUB	id:	VHN-70093	Trust: 0.1

sources: VULHUB: VHN-70093 // BID: 67036 // JVNDB: JVNDB-2014-002244 // CNNVD: CNNVD-201404-474 // NVD: CVE-2014-2154

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2154	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2154	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2154	Trust: 0.8
url:	http://secunia.com/advisories/58242	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-70093 // BID: 67036 // JVNDB: JVNDB-2014-002244 // CNNVD: CNNVD-201404-474 // NVD: CVE-2014-2154

CREDITS

Cisco

Trust: 0.3

sources: BID: 67036

SOURCES

db:	VULHUB	id:	VHN-70093
db:	BID	id:	67036
db:	JVNDB	id:	JVNDB-2014-002244
db:	CNNVD	id:	CNNVD-201404-474
db:	NVD	id:	CVE-2014-2154

LAST UPDATE DATE

2024-11-23T22:08:21.068000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70093	date:	2014-04-24T00:00:00
db:	BID	id:	67036	date:	2014-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2014-002244	date:	2014-04-28T00:00:00
db:	CNNVD	id:	CNNVD-201404-474	date:	2014-04-25T00:00:00
db:	NVD	id:	CVE-2014-2154	date:	2024-11-21T02:05:45.077

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70093	date:	2014-04-23T00:00:00
db:	BID	id:	67036	date:	2014-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2014-002244	date:	2014-04-28T00:00:00
db:	CNNVD	id:	CNNVD-201404-474	date:	2014-04-25T00:00:00
db:	NVD	id:	CVE-2014-2154	date:	2014-04-23T11:52:59.790