CVE-2014-2201

The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:nx-os:6.0\(1\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_7000:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_10-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_18-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_9-slot:-:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:cisco:nx-os::::::::
	cpe:2.3:o:cisco:nx-os:6.2\(1\):::::::*
	cpe:2.3:o:cisco:nx-os:6.2\(1n\):::::::*
	cpe:2.3:o:cisco:nx-os:6.2\(3\):::::::*
	cpe:2.3:o:cisco:nx-os:6.2\(3n\):::::::*
	cpe:2.3:o:cisco:nx-os:6.2\(5\):::::::*

OR	cpe:2.3:h:cisco:mds_9000::::::::
	cpe:2.3:h:cisco:mds_9100:-:::::::*

History

21 Nov 2024, 02:05

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos - Vendor Advisory

Information

Published : 2014-05-26 00:25

Updated : 2024-11-21 02:05

NVD link : CVE-2014-2201

Mitre link : CVE-2014-2201

CVE.ORG link : CVE-2014-2201

JSON object : View

Products Affected

cisco

mds_9100
nexus_7000_9-slot
nx-os
mds_9000
nexus_7000_18-slot
nexus_7000_10-slot
nexus_7000

CWE

NVD-CWE-Other

{"id": "CVE-2014-2201", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-26T00:25:31.767", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915."}, {"lang": "es", "value": "Message Transfer Service (MTS) en Cisco NX-OS anterior a 6.2(7) en dispositivos MDS 9000 y 6.0 anterior a 6.0(2) en dispositivos Nexus 7000 permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo y kernel panic) a trav\u00e9s de un volumen grande de trafico manipulado, tambi\u00e9n conocido como Bug ID CSCtw98915."}], "lastModified": "2024-11-21T02:05:50.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48926DA6-2020-4D4F-AD12-555163C6C352"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B22B3865-30E9-4B5A-A37D-DC33F1150FFE"}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "459A7F11-52BF-4AD6-B495-4C4D6C050493"}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB73543E-9B5B-4BA9-8FB4-666AF5AC8B6B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05DDEA84-A3C8-47C0-BA73-48CA7707A73D", "versionEndIncluding": "6.2\\(5a\\)"}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.2\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD54E122-6102-451E-92BF-AF71D98AEBE0"}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.2\\(1n\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F0244F2-D8AA-469F-8AFD-655CA4F5F650"}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C857C0F-B023-4CF7-9916-6735C40425F9"}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.2\\(3n\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD503699-A02E-4A62-827F-0906C94448EF"}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.2\\(5\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4C558C0-ECA4-408D-A5DF-2A175E48EAE2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858"}, {"criteria": "cpe:2.3:h:cisco:mds_9100:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54C0D908-D7BA-48C3-9963-14A3A32A2662"}], "operator": "OR"}], "operator": "AND"}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\n\n\"CWE-476: NULL Pointer Dereference\"", "sourceIdentifier": "ykramarz@cisco.com"}