CVE-2014-7992

Опубликовано: 18 нояб. 2014

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7992
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=36453
Vendor Advisory
http://www.securityfocus.com/bid/71145
http://www.securitytracker.com/id/1031220
https://exchange.xforce.ibmcloud.com/vulnerabilities/98724
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7992
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=36453
Vendor Advisory
http://www.securityfocus.com/bid/71145
http://www.securitytracker.com/id/1031220
https://exchange.xforce.ibmcloud.com/vulnerabilities/98724

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.60801

Средний

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-p6vm-9vwg-8vxw

github

больше 3 лет назад