Details of VAR-201405-0473

ID

VAR-201405-0473

CVE

CVE-2014-2196

TITLE

Cisco Wide Area Application Services Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-002632

DESCRIPTION

Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue is being tracked by Cisco bug ID CSCue18479. This software is mainly used in the link environment with small bandwidth and large delay. A security vulnerability exists in Cisco WAAS versions 5.1.1 through 5.1.1d

Trust: 2.07

sources: NVD: CVE-2014-2196 // JVNDB: JVNDB-2014-002632 // BID: 67551 // VULHUB: VHN-70135 // VULMON: CVE-2014-2196

AFFECTED PRODUCTS

vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.1.1	Trust: 1.6
vendor:	cisco	model:	wide area application services software	scope:	lt	version:	5.1.1 thats all 5.1.1e	Trust: 0.8

sources: JVNDB: JVNDB-2014-002632 // CNNVD: CNNVD-201405-469 // NVD: CVE-2014-2196

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2196
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2196
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201405-469
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-70135
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-2196
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2196
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-70135
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70135 // VULMON: CVE-2014-2196 // JVNDB: JVNDB-2014-002632 // CNNVD: CNNVD-201405-469 // NVD: CVE-2014-2196

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.9

sources: VULHUB: VHN-70135 // JVNDB: JVNDB-2014-002632 // NVD: CVE-2014-2196

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-469

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201405-469

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002632

PATCH

title:	cisco-sa-20140521-waas	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-waas	Trust: 0.8
title:	34244	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34244	Trust: 0.8
title:	cisco-sa-20140521-waas	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122584_cisco-sa-20140521-waas-j.html	Trust: 0.8
title:	Cisco: Cisco Wide Area Application Services Remote Code Execution Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20140521-waas	Trust: 0.1

sources: VULMON: CVE-2014-2196 // JVNDB: JVNDB-2014-002632

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2196	Trust: 2.9
db:	SECTRACK	id:	1030265	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-002632	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-469	Trust: 0.7
db:	CISCO	id:	20140521 CISCO WIDE AREA APPLICATION SERVICES REMOTE CODE EXECUTION VULNERABILITY	Trust: 0.6
db:	BID	id:	67551	Trust: 0.4
db:	VULHUB	id:	VHN-70135	Trust: 0.1
db:	VULMON	id:	CVE-2014-2196	Trust: 0.1

sources: VULHUB: VHN-70135 // VULMON: CVE-2014-2196 // BID: 67551 // JVNDB: JVNDB-2014-002632 // CNNVD: CNNVD-201405-469 // NVD: CVE-2014-2196

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140521-waas	Trust: 1.9
url:	http://www.securitytracker.com/id/1030265	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2196	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2196	Trust: 0.8
url:	www.cisco.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/94.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-70135 // VULMON: CVE-2014-2196 // BID: 67551 // JVNDB: JVNDB-2014-002632 // CNNVD: CNNVD-201405-469 // NVD: CVE-2014-2196

CREDITS

Cisco

Trust: 0.3

sources: BID: 67551

SOURCES

db:	VULHUB	id:	VHN-70135
db:	VULMON	id:	CVE-2014-2196
db:	BID	id:	67551
db:	JVNDB	id:	JVNDB-2014-002632
db:	CNNVD	id:	CNNVD-201405-469
db:	NVD	id:	CVE-2014-2196

LAST UPDATE DATE

2025-04-12T23:13:21.436000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70135	date:	2016-09-07T00:00:00
db:	VULMON	id:	CVE-2014-2196	date:	2016-09-07T00:00:00
db:	BID	id:	67551	date:	2014-05-22T12:32:00
db:	JVNDB	id:	JVNDB-2014-002632	date:	2014-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201405-469	date:	2014-05-28T00:00:00
db:	NVD	id:	CVE-2014-2196	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70135	date:	2014-05-26T00:00:00
db:	VULMON	id:	CVE-2014-2196	date:	2014-05-26T00:00:00
db:	BID	id:	67551	date:	2014-05-21T00:00:00
db:	JVNDB	id:	JVNDB-2014-002632	date:	2014-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201405-469	date:	2014-05-28T00:00:00
db:	NVD	id:	CVE-2014-2196	date:	2014-05-26T00:25:31.157