var-201609-0590
Vulnerability from variot
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. Vendors have confirmed this vulnerability Bug ID CSCun94946 ,and CSCun96847 It is released as.A third party may be able to circumvent restricted access to resources through forged traffic that matches the session. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. Zone-BasedFirewall (ZBFW) is one of the policy firewall components. The ZBFW feature in Cisco IOS and IOSXESoftware has a security bypass vulnerability that stems from a program failing to properly check the current session's data flow. This vulnerability can be exploited by remote attackers to inject and pass fake data streams, bypassing security restrictions and gaining unauthorized access to resources. This may aid in further attacks. This issue is tracked by Cisco Bug IDs CSCun94946 and CSCun96847
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0590",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "15.4\\(1\\)t1"
},
{
"model": "ios xe",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "15.4\\(3\\)s"
},
{
"model": "ios",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "15.4"
},
{
"model": "ios xe",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "3.13"
},
{
"model": "ios",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=15.4"
},
{
"model": "ios xe",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=3.13"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.4\\(3\\)s"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.4\\(1\\)t1"
},
{
"model": "ios xe software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ios software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08194"
},
{
"db": "BID",
"id": "93126"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008181"
},
{
"db": "NVD",
"id": "CVE-2014-2146"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-558"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.4\\(3\\)s",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.4\\(1\\)t1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2146"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "93126"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2146",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2146",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-08194",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-70085",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2014-2146",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2146",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-08194",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-558",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-70085",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08194"
},
{
"db": "VULHUB",
"id": "VHN-70085"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008181"
},
{
"db": "NVD",
"id": "CVE-2014-2146"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-558"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. Vendors have confirmed this vulnerability Bug ID CSCun94946 ,and CSCun96847 It is released as.A third party may be able to circumvent restricted access to resources through forged traffic that matches the session. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. Zone-BasedFirewall (ZBFW) is one of the policy firewall components. The ZBFW feature in Cisco IOS and IOSXESoftware has a security bypass vulnerability that stems from a program failing to properly check the current session\u0027s data flow. This vulnerability can be exploited by remote attackers to inject and pass fake data streams, bypassing security restrictions and gaining unauthorized access to resources. This may aid in further attacks. \nThis issue is tracked by Cisco Bug IDs CSCun94946 and CSCun96847",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2146"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008181"
},
{
"db": "CNVD",
"id": "CNVD-2016-08194"
},
{
"db": "BID",
"id": "93126"
},
{
"db": "VULHUB",
"id": "VHN-70085"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2146",
"trust": 3.4
},
{
"db": "BID",
"id": "93126",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008181",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-558",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-08194",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70085",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08194"
},
{
"db": "VULHUB",
"id": "VHN-70085"
},
{
"db": "BID",
"id": "93126"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008181"
},
{
"db": "NVD",
"id": "CVE-2014-2146"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-558"
}
]
},
"id": "VAR-201609-0590",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08194"
},
{
"db": "VULHUB",
"id": "VHN-70085"
}
],
"trust": 1.3193763
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08194"
}
]
},
"last_update_date": "2023-12-18T13:09:01.828000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CSCun94946 - IOS : Vulnerability in Zone Based Firewall",
"trust": 0.8,
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/cscun94946"
},
{
"title": "CSCun96847 - IOS-XE : Zone mismatch vulnerability in Zone Based Firewall",
"trust": 0.8,
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/cscun96847"
},
{
"title": "39129",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=39129"
},
{
"title": "Cisco IOS and IOSXESoftwareZBFW Functional Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/81788"
},
{
"title": "Cisco IOS and IOS XE Software Repair measures for security bypass vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08194"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008181"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-558"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70085"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008181"
},
{
"db": "NVD",
"id": "CVE-2014-2146"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=39129"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2146"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/93126"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2146"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08194"
},
{
"db": "VULHUB",
"id": "VHN-70085"
},
{
"db": "BID",
"id": "93126"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008181"
},
{
"db": "NVD",
"id": "CVE-2014-2146"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-558"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-08194"
},
{
"db": "VULHUB",
"id": "VHN-70085"
},
{
"db": "BID",
"id": "93126"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008181"
},
{
"db": "NVD",
"id": "CVE-2014-2146"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-558"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08194"
},
{
"date": "2016-09-22T00:00:00",
"db": "VULHUB",
"id": "VHN-70085"
},
{
"date": "2015-05-29T00:00:00",
"db": "BID",
"id": "93126"
},
{
"date": "2016-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008181"
},
{
"date": "2016-09-22T17:59:00.133000",
"db": "NVD",
"id": "CVE-2014-2146"
},
{
"date": "2016-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-558"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08194"
},
{
"date": "2017-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-70085"
},
{
"date": "2016-09-23T10:21:00",
"db": "BID",
"id": "93126"
},
{
"date": "2016-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008181"
},
{
"date": "2017-02-19T06:03:22.400000",
"db": "NVD",
"id": "CVE-2014-2146"
},
{
"date": "2016-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-558"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-558"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS and IOS XE Vulnerability in the zone-based firewall function that prevents access to resources",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008181"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-558"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.