Sign-up

ID

VAR-201502-0334


CVE

CVE-2014-2188


TITLE

** Delete ** Cisco IOS of Authentication Proxy Vulnerabilities that bypass authentication in functions

Trust: 0.8

sources: JVNDB: JVNDB-2014-007946

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0607. Reason: This candidate is a duplicate of CVE-2015-0607. The wrong ID was used. Notes: All CVE users should reference CVE-2015-0607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. ** Delete ** This case CVE-2015-0607 It was removed because it was found to be duplicated. CVE-2015-0607 Please refer to. Cisco IOS of Authentication Proxy The function is RADIUS and TACACS+ Invalid from server AAA There is a vulnerability that bypasses authentication due to improper handling of return codes. Vendors have confirmed this vulnerability Bug ID CSCuo09400 and CSCun16016 It is released as.A third party may be able to bypass authentication through connection attempts that trigger invalid code. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS Software is prone to an authentication-bypass vulnerability. This may lead to further attacks. This issue is tracked by Cisco Bug IDs CSCuo09400 and CSCun16016

Trust: 2.52

sources: NVD: CVE-2014-2188 // JVNDB: JVNDB-2014-007946 // CNVD: CNVD-2015-01407 // BID: 72794 // VULHUB: VHN-70127

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-01407

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)t1

Trust: 0.6

vendor:ciscomodel:ios softwarescope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2015-01407 // BID: 72794 // JVNDB: JVNDB-2014-007946 // CNNVD: CNNVD-201502-458

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2015-01407
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201502-458
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2015-01407
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2015-01407 // CNNVD: CNNVD-201502-458

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-458

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201502-458

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007946

PATCH
title:Vulnerability in Authentication Proxy Feature in Cisco IOS Softwareurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2188
Trust: 0.8
title:Cisco IOS Software Security Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/55843
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-01407 // 
            
            
            
            JVNDB: JVNDB-2014-007946

EXTERNAL IDS
db:NVDid:CVE-2014-2188
Trust: 3.4
db:BIDid:72794
Trust: 1.0
db:JVNDBid:JVNDB-2014-007946
Trust: 0.8
db:CNNVDid:CNNVD-201502-458
Trust: 0.7
db:CNVDid:CNVD-2015-01407
Trust: 0.6
db:VULHUBid:VHN-70127
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-01407 // 
            
            
            
            VULHUB: VHN-70127 // 
            
            
            
            BID: 72794 // 
            
            
            
            JVNDB: JVNDB-2014-007946 // 
            
            
            
            CNNVD: CNNVD-201502-458 // 
            
            
            
            NVD: CVE-2014-2188

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2188
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2188
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2188
Trust: 0.8
url:http://www.securityfocus.com/bid/72794
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.4
sources:
            
            
            CNVD: CNVD-2015-01407 // 
            
            
            
            VULHUB: VHN-70127 // 
            
            
            
            BID: 72794 // 
            
            
            
            JVNDB: JVNDB-2014-007946 // 
            
            
            
            CNNVD: CNNVD-201502-458

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 72794

SOURCES
db:CNVDid:CNVD-2015-01407
db:VULHUBid:VHN-70127
db:BIDid:72794
db:JVNDBid:JVNDB-2014-007946
db:CNNVDid:CNNVD-201502-458
db:NVDid:CVE-2014-2188

LAST UPDATE DATE
2024-08-14T13:34:20.364000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-01407date:2015-03-04T00:00:00
db:VULHUBid:VHN-70127date:2015-03-10T00:00:00
db:BIDid:72794date:2015-02-26T00:00:00
db:JVNDBid:JVNDB-2014-007946date:2015-03-02T00:00:00
db:CNNVDid:CNNVD-201502-458date:2015-03-02T00:00:00
db:NVDid:CVE-2014-2188date:2023-11-07T02:19:30.650

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-01407date:2015-03-04T00:00:00
db:VULHUBid:VHN-70127date:2015-02-27T00:00:00
db:BIDid:72794date:2015-02-26T00:00:00
db:JVNDBid:JVNDB-2014-007946date:2015-03-02T00:00:00
db:CNNVDid:CNNVD-201502-458date:2015-02-26T00:00:00
db:NVDid:CVE-2014-2188date:2015-02-27T02:59:00.057