Details of VAR-201403-0476

ID

VAR-201403-0476

CVE

CVE-2014-2107

TITLE

Cisco IOS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001826

DESCRIPTION

Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID CSCug84789. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCug84789. The following releases are affected: Cisco IOS release 12.2 and releases 15.0 through 15.3 with the Kailash FPGA prior to 2.6

Trust: 2.52

sources: NVD: CVE-2014-2107 // JVNDB: JVNDB-2014-001826 // CNVD: CNVD-2014-01993 // BID: 66468 // VULHUB: VHN-70046

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01993

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 2.4
vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(1\)se	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 1.6
vendor:	cisco	model:	ios 15.1s	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 12.2src	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 12.2srd	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 12.2sre	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios	scope:	eq	version:	15.0 to 15.3	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.2x	Trust: 0.6
vendor:	cisco	model:	ios 12.2xna	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2xnb	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2xnc	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2xnd	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2xne	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2xnf	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.0ex	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.0s	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.0sqa	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.0sqb	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.0xo	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2 s1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 s1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 s5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 s4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 s3a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sre6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sre4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sre3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sre1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 srd8	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 srd6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 srd3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 srd2a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 srd2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 srd1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 src5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 src4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 src3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 src2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 src1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	-	scope:	eq	version:	7600	Trust: 0.3
vendor:	cisco	model:	ios 15.2s	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-01993 // BID: 66468 // JVNDB: JVNDB-2014-001826 // CNNVD: CNNVD-201403-507 // NVD: CVE-2014-2107

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2107
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2107
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-01993
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201403-507
value:	HIGH
Trust: 0.6
VULHUB:	VHN-70046
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2107
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01993
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-70046
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-01993 // VULHUB: VHN-70046 // JVNDB: JVNDB-2014-001826 // CNNVD: CNNVD-201403-507 // NVD: CVE-2014-2107

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-70046 // JVNDB: JVNDB-2014-001826 // NVD: CVE-2014-2107

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-507

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201403-507

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001826

PATCH

title:	cisco-sa-20140326-RSP72010GE	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-RSP72010GE	Trust: 0.8
title:	33345	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33345	Trust: 0.8
title:	cisco-sa-20140326-RSP72010GE	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122246_cisco-sa-20140326-RSP72010GE-j.html	Trust: 0.8
title:	Cisco IOS Crafted IPv4 Traffic Handling Patch for Remote Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/44540	Trust: 0.6

sources: CNVD: CNVD-2014-01993 // JVNDB: JVNDB-2014-001826

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2107	Trust: 3.4
db:	BID	id:	66468	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-001826	Trust: 0.8
db:	OSVDB	id:	104967	Trust: 0.6
db:	CNVD	id:	CNVD-2014-01993	Trust: 0.6
db:	CISCO	id:	20140326 CISCO 7600 SERIES ROUTE SWITCH PROCESSOR 720 WITH 10 GIGABIT ETHERNET UPLINKS DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-201403-507	Trust: 0.6
db:	VULHUB	id:	VHN-70046	Trust: 0.1

sources: CNVD: CNVD-2014-01993 // VULHUB: VHN-70046 // BID: 66468 // JVNDB: JVNDB-2014-001826 // CNNVD: CNNVD-201403-507 // NVD: CVE-2014-2107

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140326-rsp72010ge	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2107	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2107	Trust: 0.8
url:	http://osvdb.com/show/osvdb/104967	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3

sources: CNVD: CNVD-2014-01993 // VULHUB: VHN-70046 // BID: 66468 // JVNDB: JVNDB-2014-001826 // CNNVD: CNNVD-201403-507 // NVD: CVE-2014-2107

CREDITS

Cisco

Trust: 0.3

sources: BID: 66468

SOURCES

db:	CNVD	id:	CNVD-2014-01993
db:	VULHUB	id:	VHN-70046
db:	BID	id:	66468
db:	JVNDB	id:	JVNDB-2014-001826
db:	CNNVD	id:	CNNVD-201403-507
db:	NVD	id:	CVE-2014-2107

LAST UPDATE DATE

2025-04-13T23:18:54.992000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01993	date:	2014-03-28T00:00:00
db:	VULHUB	id:	VHN-70046	date:	2014-03-28T00:00:00
db:	BID	id:	66468	date:	2014-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2014-001826	date:	2014-03-31T00:00:00
db:	CNNVD	id:	CNNVD-201403-507	date:	2014-03-28T00:00:00
db:	NVD	id:	CVE-2014-2107	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-01993	date:	2014-03-28T00:00:00
db:	VULHUB	id:	VHN-70046	date:	2014-03-27T00:00:00
db:	BID	id:	66468	date:	2014-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2014-001826	date:	2014-03-31T00:00:00
db:	CNNVD	id:	CNNVD-201403-507	date:	2014-03-28T00:00:00
db:	NVD	id:	CVE-2014-2107	date:	2014-03-27T21:55:08.987