CVE-2014-2146

EPSS 0.23%
Published 22.09.2016 17:59:00
Last modified 12.04.2025 10:46:40
Source psirt@cisco.com
Teams watchlist Login
Open Login

The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Version <= 15.4\(1\)t1

Cisco ≫ Ios Xe Version <= 15.4\(3\)s

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.23%	0.424

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/93126

https://tools.cisco.com/security/center/viewAlert.x?alertId=39129

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-2146

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-2146

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-2146

EUVD