var-200407-0001
Vulnerability from variot
Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption). Sustained exploitation of this vulnerability could lead to a denial of service condition affect a large segment of the Internet community. / Router disrupts service operation (DoS) It may be in a state. This is caused by a design error that causes memory corruption in the affected system under certain circumstances. The denial of service is due to a corruption of memory in the affected device. As a result, there may be other consequences, such as code execution. This has not been confirmed by Cisco. Cisco IOS is a very widely deployed network operating system. Many Cisco devices run IOS. Specially constructed malformed SNMPv1 and SNMPv2 can trigger this vulnerability, and more dangerously any SNMPv3 "talk" operation detected on such ports can cause memory corruption that overloads the device, resulting in a denial of service.
This vulnerability is distinct from the vulnerability described in US-CERT Technical Alert TA04-111A issued earlier today. Cisco has published an advisory about this distinct SNMP issue at the following location:
http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
I. Description
The Simple Network Management Protocol (SNMP) is a widely deployed protocol that is commonly used to monitor and manage network devices. There are several types of SNMP messages that are used to request information or configuration changes, respond to requests, enumerate SNMP objects, and send both solicited and unsolicited alerts. These messages use UDP to communicate network information between SNMP agents and managers. This may potentially cause the device to reload.
Typically, ports 161/udp and 162/udp are used during SNMP operations to communicate. While SNMPv1 and SNMPv2c formatted messages can trigger this vulnerability, the greatest risk is exposed when any SNMPv3 solicited operation is sent to a vulnerable port.
Cisco notes in their advisory:
"SNMPv1 and SNMPv2c solicited operations to the vulnerable ports will perform an authentication check against the SNMP community string, which may be used to mitigate attacks. Through best practices of hard to guess community strings and community string ACLs, this vulnerability may be mitigated for both SNMPv1 and SNMPv2c. However, any SNMPv3 solicited operation to the vulnerable ports will reset the device. If configured for SNMP, all affected versions will process SNMP version 1, 2c and 3 operations."
Cisco is tracking this issue as CSCed68575. US-CERT is tracking this issue as VU#162451.
II. Impact
A remote, unauthenticated attacker could cause the vulnerable device to reload.
III. System managers are encouraged to upgrade to one of the non-vulnerable releases. For additional information regarding availability of repaired releases, please refer to the "Software Versions and Fixes" section of the Cisco Security Advisory.
http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
Workarounds
Cisco recommends a number of workarounds, including disabling SNMP processing on affected devices. For a complete list of workarounds, see the Cisco Security Advisory.
Appendix A. Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to US-CERT, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments. Cisco has published their advisory at the following location:
http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml ___________
US-CERT thanks Cisco Systems for notifying us about this problem. ___________
Feedback can be directed to the authors: Jeff Havrilla, Shawn Hernan, Damon Morda
The latest version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA04-111B.html>
_________________________________________________________________
Copyright 2004 Carnegie Mellon University.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 20, 2004: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFAhdSYXlvNRxAkFWARAqPXAJ98/hPua542rVKLAgmOVFRJEbLgHACgsBYS vP+68misX1RV+A2fWyU2NQA= =jID6 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200407-0001",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "eq",
"trust": 2.1,
"vendor": "cisco",
"version": "12.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 2.1,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "optical networking systems software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(20\\)ec1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2s"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3\\(4\\)t2"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3\\(4\\)t3"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(12h\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3xg"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3\\(2\\)t3"
},
{
"model": "optical networking systems software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.0"
},
{
"model": "optical networking systems software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1\\(2\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(27\\)sv1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3\\(5\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(26\\)s1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(24\\)s5"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(21\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3xf"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3xc"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3\\(4\\)t1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3\\(2\\)xc2"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1e"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2sw"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0s"
},
{
"model": "optical networking systems software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1\\(1\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1eo"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2zq"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(20\\)s1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3\\(4\\)xd1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3\\(4\\)xd"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(27\\)sv"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(27\\)s"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(20\\)e"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(23\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1ec"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(20\\)e2"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3\\(5a\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3\\(5a\\)b"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(23\\)s5"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3xk"
},
{
"model": "optical networking systems software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(21a\\)"
},
{
"model": "optical networking systems software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3xh"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(12g\\)"
},
{
"model": "optical networking systems software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1\\(0\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3xd"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1eb"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3\\(5b\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3\\(6\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3b"
},
{
"model": "optical networking systems software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0\\(1\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(20\\)ew"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0sv"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(20\\)ea1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(20\\)ec"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1ew"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3xq"
},
{
"model": "optical networking systems software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(24\\)s4"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(20\\)eo"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1eu"
},
{
"model": "optical networking systems software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0\\(2\\)"
},
{
"model": "ons 15454e optical transport platform",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(20\\)s"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(23\\)s4"
},
{
"model": "optical networking systems software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1\\(3\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(20\\)e1"
},
{
"model": "optical networking systems software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3\\(2\\)xc1"
},
{
"model": "optical networking systems software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3\\(4\\)t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.3xe"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1ea"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(20\\)ew1"
},
{
"model": "ios 12.2",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2",
"scope": "ne",
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios 12.3",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 t3",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s5",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s4",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s6",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ons 15454 optical transport platform",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1\\(3\\)"
},
{
"model": "ons 15454 optical transport platform",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1\\(1\\)"
},
{
"model": "ons 15454 optical transport platform",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1\\(0\\)"
},
{
"model": "ons 15454 optical transport platform",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1\\(2\\)"
},
{
"model": "ons 15454 optical transport platform",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.0\\(2\\)"
},
{
"model": "ons 15454 optical transport platform",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "ons 15454 optical transport platform",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.4"
},
{
"model": "ons 15454 optical transport platform",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "ons 15454e optical transport platform",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ons 15454 optical transport platform",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.0\\(1\\)"
},
{
"model": "ons 15454e optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(3)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(2)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(1)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(0)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0(2)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0(1)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.4"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.3"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.2.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.1.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.0"
},
{
"model": "ios 12.3xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.3(6)"
},
{
"model": "ios 12.3 b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.3(5)"
},
{
"model": "ios 12.3 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 t2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 t1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 xc2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 xc1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(23)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(21)"
},
{
"model": "ios 12.2 s1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ew",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1eu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1eo",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1eb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ea",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ew1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ew",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 eo",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ea1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0sv",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 sv1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 sv",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.3(9)"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.3(7.7)"
},
{
"model": "ios 12.3 t",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 b1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 xq",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 xk",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 xh",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 xg1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 xd2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 t4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 eo1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 xc3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(24)"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(23.6)"
},
{
"model": "ios 12.2 sw",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 s2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 eb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ew2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 eo1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ea1a",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 sv2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#162451"
},
{
"db": "BID",
"id": "10186"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000154"
},
{
"db": "NVD",
"id": "CVE-2004-0714"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-088"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(23\\)s5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(24\\)s4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)e1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ew1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(12g\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(12h\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sw:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2zq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(4\\)t2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(4\\)t3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3xk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3xq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(23\\)s4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0sv:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)eo:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ew:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1eu:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ew:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(23\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(4\\)t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(4\\)t1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(5a\\)b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(5b\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(6\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3xg:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3xh:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(24\\)s5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(26\\)s1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(27\\)s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)e2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ea1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1eb:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(20\\)s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(20\\)s1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(2\\)t3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(4\\)xd:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(4\\)xd1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3xc:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3xd:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(27\\)sv:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(27\\)sv1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ec:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ec1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ec:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1eo:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(21\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(21a\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(2\\)xc1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(2\\)xc2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(5\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(5a\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3xe:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3xf:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_networking_systems_software:4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_networking_systems_software:4.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_networking_systems_software:3.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_networking_systems_software:3.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_networking_systems_software:4.1\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ons_15454e_optical_transport_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_networking_systems_software:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_networking_systems_software:4.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_networking_systems_software:4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_networking_systems_software:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_networking_systems_software:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_networking_systems_software:4.1\\(0\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_networking_systems_software:4.1\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_networking_systems_software:4.1\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0714"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco PSIRT\u203b psirt@cisco.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200407-088"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0714",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2004-0714",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-9144",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0714",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#162451",
"trust": 0.8,
"value": "90.97"
},
{
"author": "CNNVD",
"id": "CNNVD-200407-088",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-9144",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#162451"
},
{
"db": "VULHUB",
"id": "VHN-9144"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000154"
},
{
"db": "NVD",
"id": "CVE-2004-0714"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-088"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption). Sustained exploitation of this vulnerability could lead to a denial of service condition affect a large segment of the Internet community. / Router disrupts service operation (DoS) It may be in a state. This is caused by a design error that causes memory corruption in the affected system under certain circumstances. The denial of service is due to a corruption of memory in the affected device. As a result, there may be other consequences, such as code execution. This has not been confirmed by Cisco. Cisco IOS is a very widely deployed network operating system. Many Cisco devices run IOS. Specially constructed malformed SNMPv1 and SNMPv2 can trigger this vulnerability, and more dangerously any SNMPv3 \"talk\" operation detected on such ports can cause memory corruption that overloads the device, resulting in a denial of service. \n\n This vulnerability is distinct from the vulnerability described in\n US-CERT Technical Alert TA04-111A issued earlier today. Cisco has\n published an advisory about this distinct SNMP issue at the following\n location:\n\n \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml\u003e\n\nI. Description\n\n The Simple Network Management Protocol (SNMP) is a widely deployed\n protocol that is commonly used to monitor and manage network devices. \n There are several types of SNMP messages that are used to request\n information or configuration changes, respond to requests, enumerate\n SNMP objects, and send both solicited and unsolicited alerts. These\n messages use UDP to communicate network information between SNMP\n agents and managers. This may\n potentially cause the device to reload. \n\n Typically, ports 161/udp and 162/udp are used during SNMP operations\n to communicate. While SNMPv1 and SNMPv2c formatted messages can trigger this\n vulnerability, the greatest risk is exposed when any SNMPv3 solicited\n operation is sent to a vulnerable port. \n\n Cisco notes in their advisory:\n\n \"SNMPv1 and SNMPv2c solicited operations to the vulnerable ports will\n perform an authentication check against the SNMP community string,\n which may be used to mitigate attacks. Through best practices of\n hard to guess community strings and community string ACLs, this\n vulnerability may be mitigated for both SNMPv1 and SNMPv2c. \n However, any SNMPv3 solicited operation to the vulnerable ports\n will reset the device. If configured for SNMP, all affected\n versions will process SNMP version 1, 2c and 3 operations.\"\n\n Cisco is tracking this issue as CSCed68575. US-CERT is tracking this\n issue as VU#162451. \n\nII. Impact\n\n A remote, unauthenticated attacker could cause the vulnerable device\n to reload. \n\nIII. System managers are\n encouraged to upgrade to one of the non-vulnerable releases. For\n additional information regarding availability of repaired releases,\n please refer to the \"Software Versions and Fixes\" section of the Cisco\n Security Advisory. \n\n \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml\u003e\n\n\nWorkarounds\n\n Cisco recommends a number of workarounds, including disabling SNMP\n processing on affected devices. For a complete list of workarounds,\n see the Cisco Security Advisory. \n\nAppendix A. Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. As vendors report new information to US-CERT, we will update\n this section and note the changes in our revision history. If a\n particular vendor is not listed below, we have not received their\n comments. Cisco has published their advisory at the\n following location:\n\n \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml\u003e\n _________________________________________________________________\n\n US-CERT thanks Cisco Systems for notifying us about this problem. \n _________________________________________________________________\n\n Feedback can be directed to the authors: Jeff Havrilla, Shawn Hernan,\n Damon Morda\n\n The latest version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA04-111B.html\u003e\n _________________________________________________________________\n\n Copyright 2004 Carnegie Mellon University. \n\n Terms of use:\n \n \u003chttp://www.us-cert.gov/legal.html\u003e\n\n Revision History\n\n April 20, 2004: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niD8DBQFAhdSYXlvNRxAkFWARAqPXAJ98/hPua542rVKLAgmOVFRJEbLgHACgsBYS\nvP+68misX1RV+A2fWyU2NQA=\n=jID6\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0714"
},
{
"db": "CERT/CC",
"id": "VU#162451"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000154"
},
{
"db": "BID",
"id": "10186"
},
{
"db": "VULHUB",
"id": "VHN-9144"
},
{
"db": "PACKETSTORM",
"id": "33144"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#162451",
"trust": 3.3
},
{
"db": "USCERT",
"id": "TA04-111B",
"trust": 2.9
},
{
"db": "BID",
"id": "10186",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2004-0714",
"trust": 2.8
},
{
"db": "XF",
"id": "15921",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1009889",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000154",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200407-088",
"trust": 0.7
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:5845",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA04-111B",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20040420 VULNERABILITIES IN SNMP MESSAGE PROCESSING",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-9144",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "33144",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#162451"
},
{
"db": "VULHUB",
"id": "VHN-9144"
},
{
"db": "BID",
"id": "10186"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000154"
},
{
"db": "PACKETSTORM",
"id": "33144"
},
{
"db": "NVD",
"id": "CVE-2004-0714"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-088"
}
]
},
"id": "VAR-200407-0001",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9144"
}
],
"trust": 0.775
},
"last_update_date": "2023-12-18T13:45:32.441000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20040420-snmp",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000154"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0714"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml"
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta04-111b.html"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/10186"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/162451"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/15921"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5845"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15921"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc1157.txt"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/o-125.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0714"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/vul/20040421-cisco_snmp.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041701.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2004/at040004.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta04-111b/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta04-111b/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0714"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2004/apr/1009889.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2004/20040421_113629.html"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5845"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta04-111b.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#162451"
},
{
"db": "VULHUB",
"id": "VHN-9144"
},
{
"db": "BID",
"id": "10186"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000154"
},
{
"db": "PACKETSTORM",
"id": "33144"
},
{
"db": "NVD",
"id": "CVE-2004-0714"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-088"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#162451"
},
{
"db": "VULHUB",
"id": "VHN-9144"
},
{
"db": "BID",
"id": "10186"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000154"
},
{
"db": "PACKETSTORM",
"id": "33144"
},
{
"db": "NVD",
"id": "CVE-2004-0714"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-088"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-04-20T00:00:00",
"db": "CERT/CC",
"id": "VU#162451"
},
{
"date": "2004-07-27T00:00:00",
"db": "VULHUB",
"id": "VHN-9144"
},
{
"date": "2004-04-20T00:00:00",
"db": "BID",
"id": "10186"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000154"
},
{
"date": "2004-04-20T20:03:00",
"db": "PACKETSTORM",
"id": "33144"
},
{
"date": "2004-07-27T04:00:00",
"db": "NVD",
"id": "CVE-2004-0714"
},
{
"date": "2004-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200407-088"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-04-21T00:00:00",
"db": "CERT/CC",
"id": "VU#162451"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-9144"
},
{
"date": "2015-03-19T08:23:00",
"db": "BID",
"id": "10186"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000154"
},
{
"date": "2018-10-30T16:26:17.310000",
"db": "NVD",
"id": "CVE-2004-0714"
},
{
"date": "2009-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200407-088"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200407-088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS fails to properly process solicited SNMP operations",
"sources": [
{
"db": "CERT/CC",
"id": "VU#162451"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "10186"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-088"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.