All the vulnerabilites related to cisco - cisco_ons_15454_system_software
Vulnerability from fkie_nvd
Published
2013-12-18 16:04
Modified
2024-11-21 01:59
Severity ?
Summary
The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to cause a denial of service (watchdog timeout and TNC reset) via a flood of network traffic, aka Bug ID CSCud97155.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6701 | Vendor Advisory | |
| ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=32200 | Vendor Advisory | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1029512 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6701 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=32200 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1029512 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "383BBBEE-F2B8-4CD4-9390-73E536D3C716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64656F-0FA2-4F1A-9777-C37686DE9E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95EB5962-F6D9-4606-A28B-521CAAA5B696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAE1275-EC96-4898-96A9-15B00414FB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C01C932-64BC-48F5-8037-81A58B8DC6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE3CF6F-1FED-4402-BF98-21C0CBF9FDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "97521058-BCB4-4152-B8FA-EF959966A892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C5C0E1C0-BBE2-41CA-9144-B3A35E929BCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ons_15454_mspp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E3A7E4-39CD-44B9-B72D-0C9B810A2158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ons_15454_mstp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B98B943-24D6-4B37-A44F-0E3985BBB54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ons_15454e_optical_transport_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9442E2B1-6D21-46FC-9782-CD441254EEFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ons_15454:*:*:*:*:*:*:*:*",
"matchCriteriaId": "054BA906-B607-4A65-A6E3-D3D7F8096235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ons_15454_multiservice_transport_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "143ECB17-B9C3-4BBC-A308-D5E8A4E1D75C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ons_15454_sdh_multiservice_provisioning_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC82D55D-7565-4E74-9D4A-19BB5F87D067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ons_15454_sonet_multiservice_provisioning_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D44F084-DF53-47D4-8E2D-B969528E07EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to cause a denial of service (watchdog timeout and TNC reset) via a flood of network traffic, aka Bug ID CSCud97155."
},
{
"lang": "es",
"value": "El proceso tNetTaskLimit en Transport Node Controller (TNC) en dispositivos Cisco ONS 15454 con software 9.6 y anteriores no prioriza correctamente pings sanitarios, lo cual permite a atacantes remotos causar denegaci\u00f3n de servicio (watchdog timeout y reinicio del TNC) a trav\u00e9s de inundaci\u00f3n del tr\u00e1fico de red, tambi\u00e9n conocido como Bug ID CSCud97155."
}
],
"id": "CVE-2013-6701",
"lastModified": "2024-11-21T01:59:34.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-18T16:04:34.350",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6701"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32200"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029512"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-12 04:37
Modified
2024-11-21 02:05
Severity ?
Summary
Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | cisco_ons_15454_system_software | * | |
| cisco | cisco_ons_15454_system_software | 9.0 | |
| cisco | cisco_ons_15454_system_software | 9.1 | |
| cisco | cisco_ons_15454_system_software | 9.2 | |
| cisco | cisco_ons_15454_system_software | 9.2.1 | |
| cisco | cisco_ons_15454_system_software | 9.2.2 | |
| cisco | cisco_ons_15454_system_software | 9.3 | |
| cisco | cisco_ons_15454_system_software | 9.4 | |
| cisco | ons_15454 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C445CA-51E4-45F7-873B-2A1DC2734F8F",
"versionEndIncluding": "9.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "383BBBEE-F2B8-4CD4-9390-73E536D3C716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64656F-0FA2-4F1A-9777-C37686DE9E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95EB5962-F6D9-4606-A28B-521CAAA5B696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAE1275-EC96-4898-96A9-15B00414FB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C01C932-64BC-48F5-8037-81A58B8DC6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE3CF6F-1FED-4402-BF98-21C0CBF9FDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "97521058-BCB4-4152-B8FA-EF959966A892",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ons_15454:*:*:*:*:*:*:*:*",
"matchCriteriaId": "054BA906-B607-4A65-A6E3-D3D7F8096235",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348."
},
{
"lang": "es",
"value": "Las tarjetas de controlador de Cisco ONS 15454 con software 9.6 y anteriores permiten a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio de tarjeta) a trav\u00e9s de un ataque TCP FIN que provoca agotamiento de descriptores de archivo y un fallo de apertura de una tuber\u00eda CAL, tambi\u00e9n conocido como Bug ID CSCug97348."
}
],
"id": "CVE-2014-2140",
"lastModified": "2024-11-21T02:05:43.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-12T04:37:31.847",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2140"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33680"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-12 04:37
Modified
2024-11-21 02:05
Severity ?
Summary
Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | cisco_ons_15454_system_software | * | |
| cisco | cisco_ons_15454_system_software | 9.0 | |
| cisco | cisco_ons_15454_system_software | 9.1 | |
| cisco | cisco_ons_15454_system_software | 9.2 | |
| cisco | cisco_ons_15454_system_software | 9.2.1 | |
| cisco | cisco_ons_15454_system_software | 9.2.2 | |
| cisco | cisco_ons_15454_system_software | 9.3 | |
| cisco | cisco_ons_15454_system_software | 9.4 | |
| cisco | ons_15454 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C445CA-51E4-45F7-873B-2A1DC2734F8F",
"versionEndIncluding": "9.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "383BBBEE-F2B8-4CD4-9390-73E536D3C716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64656F-0FA2-4F1A-9777-C37686DE9E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95EB5962-F6D9-4606-A28B-521CAAA5B696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAE1275-EC96-4898-96A9-15B00414FB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C01C932-64BC-48F5-8037-81A58B8DC6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE3CF6F-1FED-4402-BF98-21C0CBF9FDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "97521058-BCB4-4152-B8FA-EF959966A892",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ons_15454:*:*:*:*:*:*:*:*",
"matchCriteriaId": "054BA906-B607-4A65-A6E3-D3D7F8096235",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315."
},
{
"lang": "es",
"value": "Las tarjetas de controlador de Cisco ONS 15454 con software 9.6 y anteriores permiten a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n de escritura flash) a trav\u00e9s de un ataque TCP FIN que provoca agotamiento de descriptor de archivo, tambi\u00e9n conocido como Bug ID CSCug97315."
}
],
"id": "CVE-2014-2139",
"lastModified": "2024-11-21T02:05:43.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-12T04:37:31.817",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2139"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33681"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-12 04:37
Modified
2024-11-21 02:05
Severity ?
Summary
Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "383BBBEE-F2B8-4CD4-9390-73E536D3C716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64656F-0FA2-4F1A-9777-C37686DE9E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95EB5962-F6D9-4606-A28B-521CAAA5B696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAE1275-EC96-4898-96A9-15B00414FB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C01C932-64BC-48F5-8037-81A58B8DC6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE3CF6F-1FED-4402-BF98-21C0CBF9FDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "97521058-BCB4-4152-B8FA-EF959966A892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C5C0E1C0-BBE2-41CA-9144-B3A35E929BCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ons_15454_system_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A96FD4F8-4C27-4955-BF8B-56E010BE1CDC",
"versionEndIncluding": "10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ons_15454_system_software:9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "716866EA-4AE7-48B3-B981-76F659EF829B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ons_15454:*:*:*:*:*:*:*:*",
"matchCriteriaId": "054BA906-B607-4A65-A6E3-D3D7F8096235",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870."
},
{
"lang": "es",
"value": "Las tarjetas de controlador de Cisco ONS 15454 con software 10.0 y anteriores permiten a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio de tarjeta) a trav\u00e9s de una URI HTTP manipulada, tambi\u00e9n conocido como Bug ID CSCun06870."
}
],
"id": "CVE-2014-2142",
"lastModified": "2024-11-21T02:05:43.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-12T04:37:31.877",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2142"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33679"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-10 04:34
Modified
2024-11-21 02:05
Severity ?
Summary
The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of service (card reset) via crafted session-close actions, aka Bug ID CSCug97416.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | cisco_ons_15454_system_software | * | |
| cisco | cisco_ons_15454_system_software | 9.0 | |
| cisco | cisco_ons_15454_system_software | 9.1 | |
| cisco | cisco_ons_15454_system_software | 9.2 | |
| cisco | cisco_ons_15454_system_software | 9.2.1 | |
| cisco | cisco_ons_15454_system_software | 9.2.2 | |
| cisco | cisco_ons_15454_system_software | 9.3 | |
| cisco | cisco_ons_15454_system_software | 9.4 | |
| cisco | ons_15454 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C445CA-51E4-45F7-873B-2A1DC2734F8F",
"versionEndIncluding": "9.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "383BBBEE-F2B8-4CD4-9390-73E536D3C716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64656F-0FA2-4F1A-9777-C37686DE9E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95EB5962-F6D9-4606-A28B-521CAAA5B696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAE1275-EC96-4898-96A9-15B00414FB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C01C932-64BC-48F5-8037-81A58B8DC6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE3CF6F-1FED-4402-BF98-21C0CBF9FDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ons_15454_system_software:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "97521058-BCB4-4152-B8FA-EF959966A892",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ons_15454:*:*:*:*:*:*:*:*",
"matchCriteriaId": "054BA906-B607-4A65-A6E3-D3D7F8096235",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of service (card reset) via crafted session-close actions, aka Bug ID CSCug97416."
},
{
"lang": "es",
"value": "La funcionalidad de terminaci\u00f3n de sesi\u00f3n en las tarjetas de controlador de Cisco ONS 15454 con software 9.6 y anteriores no inicializa un puntero no especificado, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (reinicio de tarjeta) a trav\u00e9s de acciones de cierre de sesi\u00f3n manipuladas, tambi\u00e9n conocido como Bug ID CSCug97416."
}
],
"id": "CVE-2014-2141",
"lastModified": "2024-11-21T02:05:43.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-10T04:34:51.053",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2141"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33682"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2014-2142
Vulnerability from cvelistv5
Published
2014-04-12 01:00
Modified
2024-08-06 10:05
Severity ?
EPSS score ?
Summary
Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=33679 | x_refsource_CONFIRM | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2142 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33679"
},
{
"name": "20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-12T01:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33679"
},
{
"name": "20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33679",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33679"
},
{
"name": "20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-2142",
"datePublished": "2014-04-12T01:00:00",
"dateReserved": "2014-02-25T00:00:00",
"dateUpdated": "2024-08-06T10:05:59.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2139
Vulnerability from cvelistv5
Published
2014-04-12 01:00
Modified
2024-08-06 10:05
Severity ?
EPSS score ?
Summary
Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=33681 | x_refsource_CONFIRM | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2139 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33681"
},
{
"name": "20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2139"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-12T01:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33681"
},
{
"name": "20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2139"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33681",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33681"
},
{
"name": "20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2139"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-2139",
"datePublished": "2014-04-12T01:00:00",
"dateReserved": "2014-02-25T00:00:00",
"dateUpdated": "2024-08-06T10:05:59.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2141
Vulnerability from cvelistv5
Published
2014-04-10 01:00
Modified
2024-08-06 10:05
Severity ?
EPSS score ?
Summary
The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of service (card reset) via crafted session-close actions, aka Bug ID CSCug97416.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2141 | vendor-advisory, x_refsource_CISCO | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=33682 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2141"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33682"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of service (card reset) via crafted session-close actions, aka Bug ID CSCug97416."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-10T01:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2141"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33682"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of service (card reset) via crafted session-close actions, aka Bug ID CSCug97416."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2141"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33682",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33682"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-2141",
"datePublished": "2014-04-10T01:00:00",
"dateReserved": "2014-02-25T00:00:00",
"dateUpdated": "2024-08-06T10:05:59.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2140
Vulnerability from cvelistv5
Published
2014-04-12 01:00
Modified
2024-08-06 10:06
Severity ?
EPSS score ?
Summary
Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=33680 | x_refsource_CONFIRM | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2140 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33680"
},
{
"name": "20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-12T01:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33680"
},
{
"name": "20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33680",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33680"
},
{
"name": "20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-2140",
"datePublished": "2014-04-12T01:00:00",
"dateReserved": "2014-02-25T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6701
Vulnerability from cvelistv5
Published
2013-12-18 11:00
Modified
2024-08-06 17:46
Severity ?
EPSS score ?
Summary
The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to cause a denial of service (watchdog timeout and TNC reset) via a flood of network traffic, aka Bug ID CSCud97155.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1029512 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6701 | vendor-advisory, x_refsource_CISCO | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=32200 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029512"
},
{
"name": "20131217 Cisco ONS 15454 Transport Node Controller Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6701"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32200"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to cause a denial of service (watchdog timeout and TNC reset) via a flood of network traffic, aka Bug ID CSCud97155."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-08T14:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1029512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029512"
},
{
"name": "20131217 Cisco ONS 15454 Transport Node Controller Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6701"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32200"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to cause a denial of service (watchdog timeout and TNC reset) via a flood of network traffic, aka Bug ID CSCud97155."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029512",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029512"
},
{
"name": "20131217 Cisco ONS 15454 Transport Node Controller Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6701"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32200",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32200"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6701",
"datePublished": "2013-12-18T11:00:00",
"dateReserved": "2013-11-07T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}