Skip to main content

Intrusion Prevention System CVE-2014-2103

MEDIUM
Improper Input Validation (CWE-20)
2014-02-27 psirt@cisco.com
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:N/I:N/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
C

Lifecycle Timeline

1
CVE Published
Feb 27, 2014 - 20:55 cve.org
MEDIUM 6.8

DescriptionCVE.org

Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309.

AnalysisAI

Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309. Affected products include: Cisco Intrusion Prevention System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2013-3411 HIGH
7.8 Jul 18

The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 mod

CVE-2013-3410 HIGH
7.8 Jul 18

Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a d

CVE-2013-1243 HIGH
7.8 Jul 18

The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules bef

CVE-2013-1218 HIGH
7.8 Jul 18

Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software modules before 7.1(7)sp1E4 allows remote

CVE-2015-0654 HIGH
7.1 Mar 13

Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IP

CVE-2014-3406 HIGH
7.1 Oct 19

Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows

CVE-2014-3402 MEDIUM
5.0 Oct 10

The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier

CVE-2012-3901 MEDIUM
5.0 Sep 16

The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a den

CVE-2012-3899 MEDIUM
5.0 Sep 16

sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote atta

CVE-2013-5497 MEDIUM
4.3 Sep 19

The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly han

CVE-2013-1219 MEDIUM
4.4 Apr 29

SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job

Share

CVE-2014-2103 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy