Details of VAR-201403-0470

ID

VAR-201403-0470

CVE

CVE-2014-2131

TITLE

Cisco IOS Service operations in packet drivers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001837

DESCRIPTION

The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890. Cisco IOS The packet driver has a service disruption ( Device reload ) There are vulnerabilities that are put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCug41049 and CSCue61890

Trust: 2.52

sources: NVD: CVE-2014-2131 // JVNDB: JVNDB-2014-001837 // CNVD: CNVD-2014-02035 // BID: 66515 // VULHUB: VHN-70070

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-02035

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.2(1)e	Trust: 0.8
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-02035 // JVNDB: JVNDB-2014-001837 // CNNVD: CNNVD-201403-544 // NVD: CVE-2014-2131

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2131
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2131
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-02035
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201403-544
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70070
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2131
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-02035
severity:	MEDIUM
baseScore:	5.7
vectorString:	AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-70070
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-02035 // VULHUB: VHN-70070 // JVNDB: JVNDB-2014-001837 // CNNVD: CNNVD-201403-544 // NVD: CVE-2014-2131

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-70070 // JVNDB: JVNDB-2014-001837 // NVD: CVE-2014-2131

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201403-544

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201403-544

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001837

PATCH

title:	Cisco IOS Software High Priority Queue Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2131	Trust: 0.8
title:	33558	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33558	Trust: 0.8
title:	Patch for Cisco IOS Software Remote Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/44586	Trust: 0.6

sources: CNVD: CNVD-2014-02035 // JVNDB: JVNDB-2014-001837

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2131	Trust: 3.4
db:	BID	id:	66515	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-001837	Trust: 0.8
db:	CNNVD	id:	CNNVD-201403-544	Trust: 0.7
db:	CNVD	id:	CNVD-2014-02035	Trust: 0.6
db:	CISCO	id:	20140328 CISCO IOS SOFTWARE HIGH PRIORITY QUEUE DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-70070	Trust: 0.1

sources: CNVD: CNVD-2014-02035 // VULHUB: VHN-70070 // BID: 66515 // JVNDB: JVNDB-2014-001837 // CNNVD: CNNVD-201403-544 // NVD: CVE-2014-2131

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2131	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2131	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2131	Trust: 0.8
url:	https://tools.cisco.com/bugsearch/bug/cscug41049	Trust: 0.6
url:	https://tools.cisco.com/bugsearch/bug/cscue61890	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3

sources: CNVD: CNVD-2014-02035 // VULHUB: VHN-70070 // BID: 66515 // JVNDB: JVNDB-2014-001837 // CNNVD: CNNVD-201403-544 // NVD: CVE-2014-2131

CREDITS

Cisco

Trust: 0.3

sources: BID: 66515

SOURCES

db:	CNVD	id:	CNVD-2014-02035
db:	VULHUB	id:	VHN-70070
db:	BID	id:	66515
db:	JVNDB	id:	JVNDB-2014-001837
db:	CNNVD	id:	CNNVD-201403-544
db:	NVD	id:	CVE-2014-2131

LAST UPDATE DATE

2025-04-12T23:14:39.478000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02035	date:	2014-04-01T00:00:00
db:	VULHUB	id:	VHN-70070	date:	2014-03-31T00:00:00
db:	BID	id:	66515	date:	2014-04-02T01:07:00
db:	JVNDB	id:	JVNDB-2014-001837	date:	2014-04-01T00:00:00
db:	CNNVD	id:	CNNVD-201403-544	date:	2014-03-31T00:00:00
db:	NVD	id:	CVE-2014-2131	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-02035	date:	2014-04-01T00:00:00
db:	VULHUB	id:	VHN-70070	date:	2014-03-29T00:00:00
db:	BID	id:	66515	date:	2014-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2014-001837	date:	2014-04-01T00:00:00
db:	CNNVD	id:	CNNVD-201403-544	date:	2014-03-31T00:00:00
db:	NVD	id:	CVE-2014-2131	date:	2014-03-29T01:55:07.327