Vulnerabilities > CVE-2014-2141 - Buffer Errors vulnerability in Cisco ONS 15454 System Software and ONS 15454

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

cisco

CWE-119

nessus

NVD

Published: 2014-04-10

Updated: 2014-04-10

Summary

The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of service (card reset) via crafted session-close actions, aka Bug ID CSCug97416.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Cisco ONS 15454 System Software 9.0 Cisco Cisco ONS 15454 System Software 9.1 Cisco Cisco ONS 15454 System Software 9.2 Cisco Cisco ONS 15454 System Software 9.2.1 Cisco Cisco ONS 15454 System Software 9.2.2 Cisco Cisco ONS 15454 System Software 9.3 Cisco Cisco ONS 15454 System Software 9.4 Cisco Cisco ONS 15454 System Software 9.6	8
Hardware	Cisco Cisco ONS 15454 *	1

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	CISCO
NASL id	CISCO-SN-CSCUG97416-ONS.NASL
description	A vulnerability exists in Cisco ONS 15454 Controller Cards that could allow an authenticated, remote attacker to cause the control card to reset, resulting in a denial of service condition.
last seen	2020-06-01
modified	2020-06-02
plugin id	73457
published	2014-04-10
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73457
title	Cisco ONS 15454 Controller Card DoS (CSCug97416)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(73457); script_version("1.4"); script_cvs_date("Date: 2018/11/15 20:50:20"); script_cve_id("CVE-2014-2141"); script_bugtraq_id(66666); script_xref(name:"CISCO-BUG-ID", value:"CSCug97416"); script_xref(name:"IAVB", value:"2014-B-0038"); script_name(english:"Cisco ONS 15454 Controller Card DoS (CSCug97416)"); script_summary(english:"Checks the ONS version."); script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "A vulnerability exists in Cisco ONS 15454 Controller Cards that could allow an authenticated, remote attacker to cause the control card to reset, resulting in a denial of service condition."); # https://tools.cisco.com/security/center/viewAlert.x?alertId=33682 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?183157df"); script_set_attribute(attribute:"see_also",value:"https://tools.cisco.com/bugsearch/bug/CSCug97416"); script_set_attribute(attribute:"solution", value: "Contact normal Cisco support channels to upgrade to a software version that includes fixes for this vulnerability."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/07"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/10"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ons"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("cisco_ons_detect.nasl"); script_require_keys("Cisco/ONS/Device", "Cisco/ONS/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); device_name = "Cisco ONS 15454"; device = get_kb_item_or_exit("Cisco/ONS/Device"); version = get_kb_item_or_exit("Cisco/ONS/Version"); if (device !~ "^15454") audit(AUDIT_HOST_NOT, device_name); match = eregmatch(pattern: "^(\d+(?:\.\d+)*)-", string:version); if (isnull(match)) exit(1, "Error parsing version string."); # Format version string. match = eregmatch(pattern:"^(\d+)\.(\d)(\d)(\d)?$", string:match[1]); if (isnull(match)) exit(1, "Error parsing version string."); else if (max_index(match) < 4) audit(AUDIT_VER_NOT_GRANULAR, device_name, version); version_formatted = join(make_list(string(int(match[1])), match[2], match[3]), sep:'.'); if (match[4]) version_formatted += '.' + match[4]; # Check version. flag = 0; if (version_formatted =~ "^8\.0\.0(\.\|$)") flag++; else if (version_formatted =~ "^8\.5\.[0-3](\.\|$)") flag++; else if (version_formatted =~ "^9\.[013468]\.0(\.\|$)") flag++; else if (version_formatted =~ "^9\.2\.[0-2](\.\|$)") flag++; if (flag) { port = 0; if (report_verbosity > 0) { report = '\n Installed version : ' + version_formatted + ' (' + version + ')' + '\n'; security_warning(port:port, extra:report); } else security_warning(port); exit(0); } else audit(AUDIT_INST_VER_NOT_VULN, device_name, version);

Seebug

bulletinFamily	exploit
description	CVE ID:CVE-2014-2141 Cisco ONS 15454是一款多业务传输平台。 Cisco ONS 15454控制卡会话终止功能存在漏洞，漏洞是由于未初始化指针，攻击者可利用此漏洞以特定方式关闭会话，使控制卡重置。 0 Cisco ONS 15454 System Software 目前厂商已经发布了升级补丁以修复漏洞，请下载使用： http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2141
id	SSV:62105
last seen	2017-11-19
modified	2014-04-10
published	2014-04-10
reporter	Root
title	Cisco ONS 15454控制卡会话终止拒绝服务漏洞