cvelistv5 - cve-2014-2146

CVE-2014-2146 (GCVE-0-2014-2146)

Vulnerability from cvelistv5 – Published: 2016-09-22 17:00 – Updated: 2024-08-06 10:05

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/93126	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/viewAlert…	vendor-advisoryx_refsource_CISCO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:05:59.881Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93126",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93126"
          },
          {
            "name": "20150529 Multiple Cisco Products Zone-Based Firewall Security Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=39129"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "93126",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93126"
        },
        {
          "name": "20150529 Multiple Cisco Products Zone-Based Firewall Security Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=39129"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-2146",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93126",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93126"
            },
            {
              "name": "20150529 Multiple Cisco Products Zone-Based Firewall Security Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=39129"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-2146",
    "datePublished": "2016-09-22T17:00:00",
    "dateReserved": "2014-02-25T00:00:00",
    "dateUpdated": "2024-08-06T10:05:59.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"15.4\\\\(1\\\\)t1\", \"matchCriteriaId\": \"4970DCB2-3E76-491E-94B0-727E64945D12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"15.4\\\\(3\\\\)s\", \"matchCriteriaId\": \"587D3D93-1222-4E04-91C4-E1E03AEFD7D2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.\"}, {\"lang\": \"es\", \"value\": \"La funcionalidad Zone-Based Firewall (ZBFW) en Cisco IOS, posiblemente 15.4 y versiones anteriores e IOS XE, posiblemente 3.13 y versiones anteriores, no maneja adecuadamente la zona de comprobaci\\u00f3n de las sesiones existentes, lo que permite a atacantes remotos eludir las restricciones de acceso a los recursos intencionadas a trav\\u00e9s de tr\\u00e1fico suplantado que coincide con una de estas sesiones, vulnerabilidad tambi\\u00e9n conocida como Bug IDs CSCun94946 y CSCun96847.\"}]",
      "id": "CVE-2014-2146",
      "lastModified": "2024-11-21T02:05:44.440",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-09-22T17:59:00.133",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/93126\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://tools.cisco.com/security/center/viewAlert.x?alertId=39129\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93126\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://tools.cisco.com/security/center/viewAlert.x?alertId=39129\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-2146\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-09-22T17:59:00.133\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.\"},{\"lang\":\"es\",\"value\":\"La funcionalidad Zone-Based Firewall (ZBFW) en Cisco IOS, posiblemente 15.4 y versiones anteriores e IOS XE, posiblemente 3.13 y versiones anteriores, no maneja adecuadamente la zona de comprobaci\u00f3n de las sesiones existentes, lo que permite a atacantes remotos eludir las restricciones de acceso a los recursos intencionadas a trav\u00e9s de tr\u00e1fico suplantado que coincide con una de estas sesiones, vulnerabilidad tambi\u00e9n conocida como Bug IDs CSCun94946 y CSCun96847.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.4\\\\(1\\\\)t1\",\"matchCriteriaId\":\"4970DCB2-3E76-491E-94B0-727E64945D12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.4\\\\(3\\\\)s\",\"matchCriteriaId\":\"587D3D93-1222-4E04-91C4-E1E03AEFD7D2\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/93126\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://tools.cisco.com/security/center/viewAlert.x?alertId=39129\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93126\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://tools.cisco.com/security/center/viewAlert.x?alertId=39129\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2014-2146

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-2146

Aliases

CVE-2014-2146

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-2146",
    "description": "The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",
    "id": "GSD-2014-2146",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-2146.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-2146"
      ],
      "details": "The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",
      "id": "GSD-2014-2146",
      "modified": "2023-12-13T01:22:46.548952Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-2146",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "93126",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93126"
          },
          {
            "name": "20150529 Multiple Cisco Products Zone-Based Firewall Security Bypass Vulnerability",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=39129"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.4\\(3\\)s",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.4\\(1\\)t1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-2146"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150529 Multiple Cisco Products Zone-Based Firewall Security Bypass Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=39129"
            },
            {
              "name": "93126",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/93126"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-02-19T06:03Z",
      "publishedDate": "2016-09-22T17:59Z"
    }
  }
}

VAR-201609-0590

Vulnerability from variot - Updated: 2023-12-18 13:09

The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. Vendors have confirmed this vulnerability Bug ID CSCun94946 ,and CSCun96847 It is released as.A third party may be able to circumvent restricted access to resources through forged traffic that matches the session. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. Zone-BasedFirewall (ZBFW) is one of the policy firewall components. The ZBFW feature in Cisco IOS and IOSXESoftware has a security bypass vulnerability that stems from a program failing to properly check the current session's data flow. This vulnerability can be exploited by remote attackers to inject and pass fake data streams, bypassing security restrictions and gaining unauthorized access to resources. This may aid in further attacks. This issue is tracked by Cisco Bug IDs CSCun94946 and CSCun96847

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0590",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "15.4\\(1\\)t1"
      },
      {
        "model": "ios xe",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "15.4\\(3\\)s"
      },
      {
        "model": "ios",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "15.4"
      },
      {
        "model": "ios xe",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.13"
      },
      {
        "model": "ios",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "\u003c=15.4"
      },
      {
        "model": "ios xe",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "\u003c=3.13"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "15.4\\(3\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "15.4\\(1\\)t1"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08194"
      },
      {
        "db": "BID",
        "id": "93126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008181"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2146"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-558"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.4\\(3\\)s",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.4\\(1\\)t1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2146"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "93126"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-2146",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-2146",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-08194",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-70085",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2014-2146",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-2146",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-08194",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-558",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-70085",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08194"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70085"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008181"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2146"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-558"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. Vendors have confirmed this vulnerability Bug ID CSCun94946 ,and CSCun96847 It is released as.A third party may be able to circumvent restricted access to resources through forged traffic that matches the session. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. Zone-BasedFirewall (ZBFW) is one of the policy firewall components. The ZBFW feature in Cisco IOS and IOSXESoftware has a security bypass vulnerability that stems from a program failing to properly check the current session\u0027s data flow. This vulnerability can be exploited by remote attackers to inject and pass fake data streams, bypassing security restrictions and gaining unauthorized access to resources. This may aid in further attacks. \nThis issue is tracked by Cisco Bug IDs CSCun94946 and CSCun96847",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2146"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008181"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08194"
      },
      {
        "db": "BID",
        "id": "93126"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70085"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-2146",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "93126",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008181",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-558",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08194",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-70085",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08194"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70085"
      },
      {
        "db": "BID",
        "id": "93126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008181"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2146"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-558"
      }
    ]
  },
  "id": "VAR-201609-0590",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08194"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70085"
      }
    ],
    "trust": 1.3193763
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08194"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:09:01.828000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CSCun94946 - IOS : Vulnerability in Zone Based Firewall",
        "trust": 0.8,
        "url": "https://quickview.cloudapps.cisco.com/quickview/bug/cscun94946"
      },
      {
        "title": "CSCun96847 - IOS-XE : Zone mismatch vulnerability in Zone Based Firewall",
        "trust": 0.8,
        "url": "https://quickview.cloudapps.cisco.com/quickview/bug/cscun96847"
      },
      {
        "title": "39129",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=39129"
      },
      {
        "title": "Cisco IOS and IOSXESoftwareZBFW Functional Security Bypass Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/81788"
      },
      {
        "title": "Cisco IOS  and IOS XE Software Repair measures for security bypass vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64287"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008181"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-558"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70085"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008181"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2146"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=39129"
      },
      {
        "trust": 1.4,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2146"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/93126"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2146"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08194"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70085"
      },
      {
        "db": "BID",
        "id": "93126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008181"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2146"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-558"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08194"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70085"
      },
      {
        "db": "BID",
        "id": "93126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008181"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2146"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-558"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-08194"
      },
      {
        "date": "2016-09-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70085"
      },
      {
        "date": "2015-05-29T00:00:00",
        "db": "BID",
        "id": "93126"
      },
      {
        "date": "2016-09-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008181"
      },
      {
        "date": "2016-09-22T17:59:00.133000",
        "db": "NVD",
        "id": "CVE-2014-2146"
      },
      {
        "date": "2016-09-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-558"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-08194"
      },
      {
        "date": "2017-02-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70085"
      },
      {
        "date": "2016-09-23T10:21:00",
        "db": "BID",
        "id": "93126"
      },
      {
        "date": "2016-09-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008181"
      },
      {
        "date": "2017-02-19T06:03:22.400000",
        "db": "NVD",
        "id": "CVE-2014-2146"
      },
      {
        "date": "2016-09-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-558"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-558"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS and  IOS XE Vulnerability in the zone-based firewall function that prevents access to resources",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008181"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-558"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2016-08194

Vulnerability from cnvd - Published: 2016-09-27

Title

Cisco IOS和IOS XE Software ZBFW功能安全绕过漏洞

Description

Cisco IOS和IOS XE Software都是美国思科（Cisco）公司为其网络设备开发的操作系统。Zone-Based Firewall（ZBFW）是其中的一个策略防火墙组件。 Cisco IOS和IOS XE Software中的ZBFW功能存在安全绕过漏洞，该漏洞源于程序未能正确区域检查当前会话的数据流。远程攻击者可利用该漏洞注入和传递伪造的数据流，绕过安全限制，获取资源的未授权访问权限。

Severity

中

Patch Name

Cisco IOS和IOS XE Software ZBFW功能安全绕过漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://tools.cisco.com/security/center/viewAlert.x?alertId=39129

Reference

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2146

Impacted products

Name
['Cisco IOS <=15.4', 'Cisco IOS XE <=3.13']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-2146"
    }
  },
  "description": "Cisco IOS\u548cIOS XE Software\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Zone-Based Firewall\uff08ZBFW\uff09\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7b56\u7565\u9632\u706b\u5899\u7ec4\u4ef6\u3002\r\n\r\nCisco IOS\u548cIOS XE Software\u4e2d\u7684ZBFW\u529f\u80fd\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u533a\u57df\u68c0\u67e5\u5f53\u524d\u4f1a\u8bdd\u7684\u6570\u636e\u6d41\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u548c\u4f20\u9012\u4f2a\u9020\u7684\u6570\u636e\u6d41\uff0c\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u83b7\u53d6\u8d44\u6e90\u7684\u672a\u6388\u6743\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://tools.cisco.com/security/center/viewAlert.x?alertId=39129",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-08194",
  "openTime": "2016-09-27",
  "patchDescription": "Cisco IOS\u548cIOS XE Software\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Zone-Based Firewall\uff08ZBFW\uff09\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7b56\u7565\u9632\u706b\u5899\u7ec4\u4ef6\u3002\r\n\r\nCisco IOS\u548cIOS XE Software\u4e2d\u7684ZBFW\u529f\u80fd\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u533a\u57df\u68c0\u67e5\u5f53\u524d\u4f1a\u8bdd\u7684\u6570\u636e\u6d41\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u548c\u4f20\u9012\u4f2a\u9020\u7684\u6570\u636e\u6d41\uff0c\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u83b7\u53d6\u8d44\u6e90\u7684\u672a\u6388\u6743\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IOS\u548cIOS XE Software ZBFW\u529f\u80fd\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS \u003c=15.4",
      "Cisco IOS XE \u003c=3.13"
    ]
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2146",
  "serverity": "\u4e2d",
  "submitTime": "2016-09-24",
  "title": "Cisco IOS\u548cIOS XE Software ZBFW\u529f\u80fd\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2014-2146

Vulnerability from fkie_nvd - Published: 2016-09-22 17:59 - Updated: 2025-04-12 10:46

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/93126
psirt@cisco.com	https://tools.cisco.com/security/center/viewAlert.x?alertId=39129	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93126
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/viewAlert.x?alertId=39129	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	ios	*
	cisco	ios_xe	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4970DCB2-3E76-491E-94B0-727E64945D12",
              "versionEndIncluding": "15.4\\(1\\)t1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "587D3D93-1222-4E04-91C4-E1E03AEFD7D2",
              "versionEndIncluding": "15.4\\(3\\)s",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847."
    },
    {
      "lang": "es",
      "value": "La funcionalidad Zone-Based Firewall (ZBFW) en Cisco IOS, posiblemente 15.4 y versiones anteriores e IOS XE, posiblemente 3.13 y versiones anteriores, no maneja adecuadamente la zona de comprobaci\u00f3n de las sesiones existentes, lo que permite a atacantes remotos eludir las restricciones de acceso a los recursos intencionadas a trav\u00e9s de tr\u00e1fico suplantado que coincide con una de estas sesiones, vulnerabilidad tambi\u00e9n conocida como Bug IDs CSCun94946 y CSCun96847."
    }
  ],
  "id": "CVE-2014-2146",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-09-22T17:59:00.133",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/93126"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=39129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=39129"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CVF4-6MXR-VC38

Vulnerability from github – Published: 2022-05-17 02:58 – Updated: 2022-05-17 02:58

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-2146"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-09-22T17:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",
  "id": "GHSA-cvf4-6mxr-vc38",
  "modified": "2022-05-17T02:58:43Z",
  "published": "2022-05-17T02:58:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2146"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=39129"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93126"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-2146 (GCVE-0-2014-2146)

GSD-2014-2146

VAR-201609-0590

CNVD-2016-08194

FKIE_CVE-2014-2146

GHSA-CVF4-6MXR-VC38

Tags

Sightings

Nomenclature