Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Cisco IPS Software |
Information | |||
---|---|---|---|
Name | cisco-sa-20140219-ips | First vendor Publication | 2014-02-19 |
Vendor | Cisco | Last vendor Modification | 2014-02-19 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Cisco Intrusion Prevention System (IPS) Software is affected by the following vulnerabilities:

- Cisco IPS Analysis Engine Denial of Service Vulnerability
- Cisco IPS Control-Plane MainApp Denial of Service Vulnerability
- Cisco IPS Jumbo Frame Denial of Service Vulnerability

The Cisco IPS Analysis Engine Denial of Service Vulnerability and the Cisco IPS Jumbo Frame Denial of Service Vulnerability could allow an unauthenticated, remote attacker to cause the Analysis Engine process to become unresponsive or crash. When this occurs, the Cisco IPS will stop inspecting traffic.

The Cisco IPS Control-Plane MainApp Denial of Service Vulnerability could allow an unauthenticated, remote attacker to cause the MainApp process to become unresponsive and prevent it from executing several tasks including alert notification, event store management, and sensor authentication. The Cisco IPS web server will also be unavailable while the MainApp process is unresponsive, and other processes such as the Analysis Engine process may not work properly.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of the vulnerabilities are available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-20 | Improper Input Validation |
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-02-27 | IAVM : 2014-A-0032 - Multiple Vulnerabilities in Cisco IPS Software Severity : Category I - VMSKEY : V0044543 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-02-26 | Name : The remote security appliance is missing a vendor-supplied patch. File : cisco-sa-20140219-ips.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-28 17:19:10 | |
2014-02-27 13:20:58 | |
2014-02-24 21:26:33 | |
2014-02-19 21:19:40 | |