Sign-up

ID

VAR-201408-0318


CVE

CVE-2014-3901


TITLE

Dominion KX2-101 vulnerable to denial-of-service (DoS)

Trust: 0.8

sources: JVNDB: JVNDB-2014-000097

DESCRIPTION

Raritan Japan Dominion KX2-101 switches before 2 allow remote attackers to cause a denial of service (device hang) via a crafted packet. Dominion KX2-101 provided by Raritan Japan, Inc. contains a denial-of-service (DoS) vulnerability. Dominion KX2-101 provided by Raritan Japan, Inc. is a KVM-over-IP switch. Dominion KX2-101 contains a denial-of-service (DoS) vulnerability. Yusuke Okano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.By receiving a specially crafted packet, the product may be forced to stop responding. Raritan Japan KX2-101 is a switch product from Raritan Corporation of the United States. A denial of service vulnerability exists in Raritan Japan KX2-101. Attackers may leverage this issue to crash the affected device, denying service to legitimate users. Dominion KX2-101 is vulnerable; other versions may also be affected

Trust: 2.52

sources: NVD: CVE-2014-3901 // JVNDB: JVNDB-2014-000097 // CNVD: CNVD-2014-05051 // BID: 69232 // VULHUB: VHN-71841

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-05051

AFFECTED PRODUCTS

vendor:raritanmodel:dominionscope:eqversion:kx2-101

Trust: 1.4

vendor:raritanmodel:dominion kx ii-101scope:eqversion: -

Trust: 1.0

vendor:raritanmodel:dominion kx2-101scope:ltversion:2

Trust: 0.6

vendor:raritanmodel:dominion kx2-101scope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2014-05051 // BID: 69232 // JVNDB: JVNDB-2014-000097 // CNNVD: CNNVD-201408-225 // NVD: CVE-2014-3901

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3901
value: HIGH

Trust: 1.0

IPA: JVNDB-2014-000097
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-05051
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201408-225
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71841
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-3901
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2014-000097
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-05051
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71841
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-05051 // VULHUB: VHN-71841 // JVNDB: JVNDB-2014-000097 // CNNVD: CNNVD-201408-225 // NVD: CVE-2014-3901

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2014-000097 // NVD: CVE-2014-3901

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-225

TYPE

Design Error

Trust: 0.3

sources: BID: 69232

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-000097

PATCH
title:Dominion KX II-101 V2url:http://www.raritan.com/products/kvm-switches/dominion-kx-ii-101
Trust: 0.8
title:Raritan Japan KX2-101 Remediation measures for denial of service vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=234908
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-000097 // 
            
            
            
            CNNVD: CNNVD-201408-225

EXTERNAL IDS
db:JVNDBid:JVNDB-2014-000097
Trust: 3.4
db:NVDid:CVE-2014-3901
Trust: 3.4
db:JVNid:JVN07957080
Trust: 3.4
db:BIDid:69232
Trust: 1.0
db:CNNVDid:CNNVD-201408-225
Trust: 0.7
db:CNVDid:CNVD-2014-05051
Trust: 0.6
db:VULHUBid:VHN-71841
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-05051 // 
            
            
            
            VULHUB: VHN-71841 // 
            
            
            
            BID: 69232 // 
            
            
            
            JVNDB: JVNDB-2014-000097 // 
            
            
            
            CNNVD: CNNVD-201408-225 // 
            
            
            
            NVD: CVE-2014-3901

REFERENCES
url:http://jvn.jp/en/jp/jvn07957080/index.html
Trust: 3.4
url:http://jvndb.jvn.jp/jvndb/jvndb-2014-000097
Trust: 1.7
url:http://jvndb.jvn.jp/en/contents/2014/jvndb-2014-000097.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3901
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3901
Trust: 0.8
url: - 
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-05051 // 
            
            
            
            VULHUB: VHN-71841 // 
            
            
            
            BID: 69232 // 
            
            
            
            JVNDB: JVNDB-2014-000097 // 
            
            
            
            CNNVD: CNNVD-201408-225 // 
            
            
            
            NVD: CVE-2014-3901

CREDITS
Yusuke Okano
Trust: 0.3
sources:
            
            
            BID: 69232

SOURCES
db:CNVDid:CNVD-2014-05051
db:VULHUBid:VHN-71841
db:BIDid:69232
db:JVNDBid:JVNDB-2014-000097
db:CNNVDid:CNNVD-201408-225
db:NVDid:CVE-2014-3901

LAST UPDATE DATE
2025-04-13T23:39:09.525000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-05051date:2014-08-15T00:00:00
db:VULHUBid:VHN-71841date:2015-12-04T00:00:00
db:BIDid:69232date:2014-08-12T00:00:00
db:JVNDBid:JVNDB-2014-000097date:2014-08-18T00:00:00
db:CNNVDid:CNNVD-201408-225date:2023-04-26T00:00:00
db:NVDid:CVE-2014-3901date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-05051date:2014-08-15T00:00:00
db:VULHUBid:VHN-71841date:2014-08-12T00:00:00
db:BIDid:69232date:2014-08-12T00:00:00
db:JVNDBid:JVNDB-2014-000097date:2014-08-12T00:00:00
db:CNNVDid:CNNVD-201408-225date:2014-08-14T00:00:00
db:NVDid:CVE-2014-3901date:2014-08-12T23:55:04.003