Details of VAR-201403-0479

ID

VAR-201403-0479

CVE

CVE-2014-2111

TITLE

Cisco IOS of Application Layer Gateway Service disruption in modules (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001829

DESCRIPTION

The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996. There is a possibility. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This issue is being tracked by Cisco Bug ID CSCue00996, CSCuh33843 and CSCuj41494

Trust: 2.52

sources: NVD: CVE-2014-2111 // JVNDB: JVNDB-2014-001829 // CNVD: CNVD-2014-01995 // BID: 66470 // VULHUB: VHN-70050

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01995

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2 to 12.4	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.0 to 15.4	Trust: 0.8
vendor:	cisco	model:	ios software	scope:	-	version:	-	Trust: 0.6
vendor:	rockwell	model:	automation stratix	scope:	eq	version:	59000	Trust: 0.3
vendor:	cisco	model:	ios 15.4s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2snh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2e	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1snh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1sng	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1sg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1gc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1ey	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0mr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.4xv	Trust: 0.3
vendor:	cisco	model:	ios 12.4xt	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xp	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xm	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xl	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yx	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yt	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3ys	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3ym	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.3xx	Trust: 0.3
vendor:	cisco	model:	ios 12.3xw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xm	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xl	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zya	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xnf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xne	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xnd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xnc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xnb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xna	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sre	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2srd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2src	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2srb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sra	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2seg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2scf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sce	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2scd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2scc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2scb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sca	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ixh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ixg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2iri	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2irh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2irf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ire	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ird	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2irc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2irb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ez	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ey	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ex	scope:	-	version:	-	Trust: 0.3
vendor:	rockwell	model:	automation stratix	scope:	ne	version:	590015.6.3	Trust: 0.3

sources: CNVD: CNVD-2014-01995 // BID: 66470 // JVNDB: JVNDB-2014-001829 // CNNVD: CNNVD-201403-510 // NVD: CVE-2014-2111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2111
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2111
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-01995
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201403-510
value:	HIGH
Trust: 0.6
VULHUB:	VHN-70050
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2111
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01995
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-70050
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-01995 // VULHUB: VHN-70050 // JVNDB: JVNDB-2014-001829 // CNNVD: CNNVD-201403-510 // NVD: CVE-2014-2111

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-70050 // JVNDB: JVNDB-2014-001829 // NVD: CVE-2014-2111

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-510

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201403-510

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001829

PATCH

title:	cisco-sa-20140326-nat	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-nat	Trust: 0.8
title:	3879/0	url:	http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=3879&signatureSubId=0&softwareVersion=6.0&releaseVersion=S781	Trust: 0.8
title:	33349	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33349	Trust: 0.8
title:	cisco-sa-20140326-nat	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122245_cisco-sa-20140326-nat-j.html	Trust: 0.8
title:	Cisco IOS DNS Traffic NAT Handling Remote Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/44537	Trust: 0.6

sources: CNVD: CNVD-2014-01995 // JVNDB: JVNDB-2014-001829

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2111	Trust: 3.4
db:	BID	id:	66470	Trust: 2.0
db:	SECUNIA	id:	57630	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-001829	Trust: 0.8
db:	CNNVD	id:	CNNVD-201403-510	Trust: 0.7
db:	OSVDB	id:	104966	Trust: 0.6
db:	CNVD	id:	CNVD-2014-01995	Trust: 0.6
db:	CISCO	id:	20140326 CISCO IOS SOFTWARE NETWORK ADDRESS TRANSLATION VULNERABILITIES	Trust: 0.6
db:	ICS CERT	id:	ICSA-17-094-04	Trust: 0.3
db:	VULHUB	id:	VHN-70050	Trust: 0.1

sources: CNVD: CNVD-2014-01995 // VULHUB: VHN-70050 // BID: 66470 // JVNDB: JVNDB-2014-001829 // CNNVD: CNNVD-201403-510 // NVD: CVE-2014-2111

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140326-nat	Trust: 2.6
url:	http://www.securityfocus.com/bid/66470	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2111	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2111	Trust: 0.8
url:	http://osvdb.com/show/osvdb/104966	Trust: 0.6
url:	http://secunia.com/advisories/57630/	Trust: 0.6
url:	http://secunia.com/advisories/57630	Trust: 0.6
url:	http://www.cisco.com/public/sw-center/sw-ios.shtml	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=33347	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=33349	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-094-04	Trust: 0.3

sources: CNVD: CNVD-2014-01995 // VULHUB: VHN-70050 // BID: 66470 // JVNDB: JVNDB-2014-001829 // CNNVD: CNNVD-201403-510 // NVD: CVE-2014-2111

CREDITS

Cisco

Trust: 0.3

sources: BID: 66470

SOURCES

db:	CNVD	id:	CNVD-2014-01995
db:	VULHUB	id:	VHN-70050
db:	BID	id:	66470
db:	JVNDB	id:	JVNDB-2014-001829
db:	CNNVD	id:	CNNVD-201403-510
db:	NVD	id:	CVE-2014-2111

LAST UPDATE DATE

2025-04-13T20:57:18.169000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01995	date:	2014-03-28T00:00:00
db:	VULHUB	id:	VHN-70050	date:	2017-05-23T00:00:00
db:	BID	id:	66470	date:	2017-05-23T16:25:00
db:	JVNDB	id:	JVNDB-2014-001829	date:	2014-03-31T00:00:00
db:	CNNVD	id:	CNNVD-201403-510	date:	2014-03-28T00:00:00
db:	NVD	id:	CVE-2014-2111	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-01995	date:	2014-03-28T00:00:00
db:	VULHUB	id:	VHN-70050	date:	2014-03-27T00:00:00
db:	BID	id:	66470	date:	2014-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2014-001829	date:	2014-03-31T00:00:00
db:	CNNVD	id:	CNNVD-201403-510	date:	2014-03-28T00:00:00
db:	NVD	id:	CVE-2014-2111	date:	2014-03-27T21:55:09.063