Details of VAR-201411-0247

ID

VAR-201411-0247

CVE

CVE-2014-7992

TITLE

Cisco IOS of DLSw Vulnerability in obtaining important authentication information from process memory

Trust: 0.8

sources: JVNDB: JVNDB-2014-005505

DESCRIPTION

The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS is prone to an information-disclosure vulnerability. This issue is being tracked by Cisco bug ID CSCur14014

Trust: 2.52

sources: NVD: CVE-2014-7992 // JVNDB: JVNDB-2014-005505 // CNVD: CNVD-2014-08350 // BID: 71145 // VULHUB: VHN-75937

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-08350

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	ios	scope:	lte	version:	15.4(2)t3	Trust: 0.8
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2014-08350 // BID: 71145 // JVNDB: JVNDB-2014-005505 // CNNVD: CNNVD-201411-305 // NVD: CVE-2014-7992

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-7992
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-7992
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-08350
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201411-305
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-75937
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-7992
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-08350
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-75937
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-08350 // VULHUB: VHN-75937 // JVNDB: JVNDB-2014-005505 // CNNVD: CNNVD-201411-305 // NVD: CVE-2014-7992

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-75937 // JVNDB: JVNDB-2014-005505 // NVD: CVE-2014-7992

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-305

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201411-305

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005505

PATCH

title:	Cisco IOS DLSw Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7992	Trust: 0.8
title:	36453	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=36453	Trust: 0.8

sources: JVNDB: JVNDB-2014-005505

EXTERNAL IDS

db:	NVD	id:	CVE-2014-7992	Trust: 3.4
db:	BID	id:	71145	Trust: 2.0
db:	SECTRACK	id:	1031220	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-005505	Trust: 0.8
db:	CNNVD	id:	CNNVD-201411-305	Trust: 0.7
db:	CNVD	id:	CNVD-2014-08350	Trust: 0.6
db:	VULHUB	id:	VHN-75937	Trust: 0.1

sources: CNVD: CNVD-2014-08350 // VULHUB: VHN-75937 // BID: 71145 // JVNDB: JVNDB-2014-005505 // CNNVD: CNNVD-201411-305 // NVD: CVE-2014-7992

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-7992	Trust: 1.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7992	Trust: 1.4
url:	http://www.securityfocus.com/bid/71145	Trust: 1.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=36453	Trust: 1.1
url:	http://www.securitytracker.com/id/1031220	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/98724	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7992	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-08350 // VULHUB: VHN-75937 // BID: 71145 // JVNDB: JVNDB-2014-005505 // CNNVD: CNNVD-201411-305 // NVD: CVE-2014-7992

CREDITS

Tate Hansen and John McLeod of FishNet Security, and Kyle Rainey.

Trust: 0.3

sources: BID: 71145

SOURCES

db:	CNVD	id:	CNVD-2014-08350
db:	VULHUB	id:	VHN-75937
db:	BID	id:	71145
db:	JVNDB	id:	JVNDB-2014-005505
db:	CNNVD	id:	CNNVD-201411-305
db:	NVD	id:	CVE-2014-7992

LAST UPDATE DATE

2025-04-13T23:37:37.926000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-08350	date:	2014-11-19T00:00:00
db:	VULHUB	id:	VHN-75937	date:	2017-09-08T00:00:00
db:	BID	id:	71145	date:	2014-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2014-005505	date:	2014-11-19T00:00:00
db:	CNNVD	id:	CNNVD-201411-305	date:	2014-11-19T00:00:00
db:	NVD	id:	CVE-2014-7992	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-08350	date:	2014-11-19T00:00:00
db:	VULHUB	id:	VHN-75937	date:	2014-11-18T00:00:00
db:	BID	id:	71145	date:	2014-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2014-005505	date:	2014-11-19T00:00:00
db:	CNNVD	id:	CNNVD-201411-305	date:	2014-11-19T00:00:00
db:	NVD	id:	CVE-2014-7992	date:	2014-11-18T01:59:07.217