Sign-up

ID

VAR-201401-0333


CVE

CVE-2014-0669


TITLE

Cisco ASR 5000 Runs on series devices Gateway GPRS Support Node Vulnerability that bypasses top-up payment restrictions in components

Trust: 0.8

sources: JVNDB: JVNDB-2014-001228

DESCRIPTION

The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371. Vendors have confirmed this vulnerability Bug ID CSCuh28371 It is released as.Unspecified by a third party WSP Through the packet, top-up payment restrictions may be circumvented. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). Because the program failed to properly process some WSP messages, the attacker could browse for free by redirecting the top portal page by sending a specially crafted WSP message. Cisco ASR 5000 Series devices are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCuh28371. The vulnerability stems from the fact that the program does not process WSP packets correctly

Trust: 2.52

sources: NVD: CVE-2014-0669 // JVNDB: JVNDB-2014-001228 // CNVD: CNVD-2014-00546 // BID: 65052 // VULHUB: VHN-68162

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00546

AFFECTED PRODUCTS

vendor:ciscomodel:asr 5000 series softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:asr 5000 series softwarescope:lteversion:12.1

Trust: 0.8

vendor:ciscomodel:asr seriesscope:eqversion:5000

Trust: 0.6

sources: CNVD: CNVD-2014-00546 // JVNDB: JVNDB-2014-001228 // CNNVD: CNNVD-201401-419 // NVD: CVE-2014-0669

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0669
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0669
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00546
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-419
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68162
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0669
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00546
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-68162
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00546 // VULHUB: VHN-68162 // JVNDB: JVNDB-2014-001228 // CNNVD: CNNVD-201401-419 // NVD: CVE-2014-0669

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-68162 // JVNDB: JVNDB-2014-001228 // NVD: CVE-2014-0669

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-419

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201401-419

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001228

PATCH
title:Cisco ASR 5000 Series Gateway GPRS Support Node Traffic Bypass Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0669
Trust: 0.8
title:32513url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32513
Trust: 0.8
title:Cisco ASR 5000 Series Device GPRS Support Node Security Bypass Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/42899
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00546 // 
            
            
            
            JVNDB: JVNDB-2014-001228

EXTERNAL IDS
db:NVDid:CVE-2014-0669
Trust: 3.4
db:BIDid:65052
Trust: 2.0
db:OSVDBid:102318
Trust: 1.7
db:SECTRACKid:1029666
Trust: 1.1
db:SECUNIAid:56546
Trust: 1.1
db:JVNDBid:JVNDB-2014-001228
Trust: 0.8
db:CNNVDid:CNNVD-201401-419
Trust: 0.7
db:CNVDid:CNVD-2014-00546
Trust: 0.6
db:CISCOid:20140121 CISCO ASR 5000 SERIES GATEWAY GPRS SUPPORT NODE TRAFFIC BYPASS VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-68162
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-00546 // 
            
            
            
            VULHUB: VHN-68162 // 
            
            
            
            BID: 65052 // 
            
            
            
            JVNDB: JVNDB-2014-001228 // 
            
            
            
            CNNVD: CNNVD-201401-419 // 
            
            
            
            NVD: CVE-2014-0669

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0669
Trust: 2.3
url:http://www.securityfocus.com/bid/65052
Trust: 1.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=32513
Trust: 1.1
url:http://osvdb.org/102318
Trust: 1.1
url:http://www.securitytracker.com/id/1029666
Trust: 1.1
url:http://secunia.com/advisories/56546
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90614
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0669
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0669
Trust: 0.8
url:http://osvdb.org/show/osvdb/102318
Trust: 0.6
url:https://sso.cisco.com/autho/forms/cdclogin.html
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-00546 // 
            
            
            
            VULHUB: VHN-68162 // 
            
            
            
            BID: 65052 // 
            
            
            
            JVNDB: JVNDB-2014-001228 // 
            
            
            
            CNNVD: CNNVD-201401-419 // 
            
            
            
            NVD: CVE-2014-0669

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 65052

SOURCES
db:CNVDid:CNVD-2014-00546
db:VULHUBid:VHN-68162
db:BIDid:65052
db:JVNDBid:JVNDB-2014-001228
db:CNNVDid:CNNVD-201401-419
db:NVDid:CVE-2014-0669

LAST UPDATE DATE
2025-04-11T23:15:23.649000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-00546date:2014-01-24T00:00:00
db:VULHUBid:VHN-68162date:2017-08-29T00:00:00
db:BIDid:65052date:2014-01-21T00:00:00
db:JVNDBid:JVNDB-2014-001228date:2014-01-24T00:00:00
db:CNNVDid:CNNVD-201401-419date:2014-01-24T00:00:00
db:NVDid:CVE-2014-0669date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-00546date:2014-01-24T00:00:00
db:VULHUBid:VHN-68162date:2014-01-22T00:00:00
db:BIDid:65052date:2014-01-21T00:00:00
db:JVNDBid:JVNDB-2014-001228date:2014-01-24T00:00:00
db:CNNVDid:CNNVD-201401-419date:2014-01-24T00:00:00
db:NVDid:CVE-2014-0669date:2014-01-22T05:22:20.720