Sign-up

ID

VAR-201401-0360


CVE

CVE-2014-0654


TITLE

Cisco Context Directory Agent Cache modification vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001012

DESCRIPTION

Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCuj45383. The vulnerability is caused by the program not filtering RADIUS accounting messages sufficiently. A remote attacker could exploit this vulnerability to modify the cache through a redirection attack

Trust: 1.98

sources: NVD: CVE-2014-0654 // JVNDB: JVNDB-2014-001012 // BID: 64709 // VULHUB: VHN-68147

AFFECTED PRODUCTS

vendor:ciscomodel:context directory agentscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:context directory agentscope:eqversion:1.0

Trust: 0.8

sources: JVNDB: JVNDB-2014-001012 // CNNVD: CNNVD-201401-107 // NVD: CVE-2014-0654

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0654
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0654
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201401-107
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68147
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0654
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68147
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68147 // JVNDB: JVNDB-2014-001012 // CNNVD: CNNVD-201401-107 // NVD: CVE-2014-0654

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-68147 // JVNDB: JVNDB-2014-001012 // NVD: CVE-2014-0654

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-107

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201401-107

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001012

PATCH
title:Cisco Context Directory Agent Replayed RADIUS Accounting Message Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0654
Trust: 0.8
title:32366url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32366
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001012

EXTERNAL IDS
db:NVDid:CVE-2014-0654
Trust: 2.8
db:BIDid:64709
Trust: 1.4
db:SECUNIAid:56365
Trust: 1.1
db:OSVDBid:101802
Trust: 1.1
db:SECTRACKid:1029574
Trust: 1.1
db:JVNDBid:JVNDB-2014-001012
Trust: 0.8
db:CNNVDid:CNNVD-201401-107
Trust: 0.7
db:CISCOid:20140107 CISCO CONTEXT DIRECTORY AGENT REPLAYED RADIUS ACCOUNTING MESSAGE VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-68147
Trust: 0.1
sources:
            
            
            VULHUB: VHN-68147 // 
            
            
            
            BID: 64709 // 
            
            
            
            JVNDB: JVNDB-2014-001012 // 
            
            
            
            CNNVD: CNNVD-201401-107 // 
            
            
            
            NVD: CVE-2014-0654

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0654
Trust: 1.7
url:http://www.securityfocus.com/bid/64709
Trust: 1.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=32366
Trust: 1.1
url:http://osvdb.org/101802
Trust: 1.1
url:http://www.securitytracker.com/id/1029574
Trust: 1.1
url:http://secunia.com/advisories/56365
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90168
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0654
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0654
Trust: 0.8
sources:
            
            
            VULHUB: VHN-68147 // 
            
            
            
            JVNDB: JVNDB-2014-001012 // 
            
            
            
            CNNVD: CNNVD-201401-107 // 
            
            
            
            NVD: CVE-2014-0654

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 64709

SOURCES
db:VULHUBid:VHN-68147
db:BIDid:64709
db:JVNDBid:JVNDB-2014-001012
db:CNNVDid:CNNVD-201401-107
db:NVDid:CVE-2014-0654

LAST UPDATE DATE
2025-04-11T22:53:07.638000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-68147date:2017-08-29T00:00:00
db:BIDid:64709date:2014-01-14T02:11:00
db:JVNDBid:JVNDB-2014-001012date:2014-01-10T00:00:00
db:CNNVDid:CNNVD-201401-107date:2014-01-09T00:00:00
db:NVDid:CVE-2014-0654date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-68147date:2014-01-08T00:00:00
db:BIDid:64709date:2014-01-07T00:00:00
db:JVNDBid:JVNDB-2014-001012date:2014-01-10T00:00:00
db:CNNVDid:CNNVD-201401-107date:2014-01-09T00:00:00
db:NVDid:CVE-2014-0654date:2014-01-08T21:55:06.303