Vulnerabilities > CVE-2014-2142 - Denial of Service vulnerability in Cisco products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

cisco

nessus

NVD

Published: 2014-04-12

Updated: 2014-04-14

Summary

Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Cisco ONS 15454 System Software 9.0 Cisco Cisco ONS 15454 System Software 9.1 Cisco Cisco ONS 15454 System Software 9.2 Cisco Cisco ONS 15454 System Software 9.2.1 Cisco Cisco ONS 15454 System Software 9.2.2 Cisco Cisco ONS 15454 System Software 9.3 Cisco Cisco ONS 15454 System Software 9.4 Cisco Cisco ONS 15454 System Software 9.6 Cisco ONS 15454 System Software 9.8 Cisco ONS 15454 System Software 10.0	10
Hardware	Cisco Cisco ONS 15454 *	1

Nessus

NASL family	CISCO
NASL id	CISCO-SN-CSCUN06870-ONS.NASL
description	A vulnerability exists in Cisco ONS 15454 Controller Cards that could allow an unauthenticated, remote attacker to cause the control card to reset, resulting in a denial of service condition.
last seen	2020-06-01
modified	2020-06-02
plugin id	73458
published	2014-04-10
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73458
title	Cisco ONS 15454 Controller Card DoS (CSCun06870)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(73458); script_version("1.4"); script_cvs_date("Date: 2018/11/15 20:50:20"); script_cve_id("CVE-2014-2142"); script_bugtraq_id(66686); script_xref(name:"CISCO-BUG-ID", value:"CSCun06870"); script_xref(name:"IAVB", value:"2014-B-0038"); script_name(english:"Cisco ONS 15454 Controller Card DoS (CSCun06870)"); script_summary(english:"Checks the ONS version."); script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "A vulnerability exists in Cisco ONS 15454 Controller Cards that could allow an unauthenticated, remote attacker to cause the control card to reset, resulting in a denial of service condition."); # https://tools.cisco.com/security/center/viewAlert.x?alertId=33679 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e1759a64"); script_set_attribute(attribute:"see_also",value:"https://tools.cisco.com/bugsearch/bug/CSCun06870"); script_set_attribute(attribute:"solution", value: "Contact normal Cisco support channels to upgrade to a software version that includes fixes for this vulnerability."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/07"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/10"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ons"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("cisco_ons_detect.nasl"); script_require_keys("Cisco/ONS/Device", "Cisco/ONS/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); device_name = "Cisco ONS 15454"; device = get_kb_item_or_exit("Cisco/ONS/Device"); version = get_kb_item_or_exit("Cisco/ONS/Version"); if (device !~ "^15454") audit(AUDIT_HOST_NOT, device_name); match = eregmatch(pattern: "^(\d+(?:\.\d+)*)-", string:version); if (isnull(match)) exit(1, "Error parsing version string."); # Format version string. match = eregmatch(pattern:"^(\d+)\.(\d)(\d)(\d)?$", string:match[1]); if (isnull(match)) exit(1, "Error parsing version string."); else if (max_index(match) < 4) audit(AUDIT_VER_NOT_GRANULAR, device_name, version); version_formatted = join(make_list(string(int(match[1])), match[2], match[3]), sep:'.'); if (match[4]) version_formatted += '.' + match[4]; # Check version. flag = 0; if (version_formatted =~ "^8\.0\.0(\.\|$)") flag++; else if (version_formatted =~ "^8\.5\.[0-3](\.\|$)") flag++; else if (version_formatted =~ "^9\.[01346]\.0(\.\|$)") flag++; else if (version_formatted =~ "^9\.2\.[0-2](\.\|$)") flag++; else if (version_formatted =~ "^9\.8\.[01](\.\|$)") flag++; else if (version_formatted =~ "^10\.0\.0(\.\|$)") flag++; if (flag) { port = 0; if (report_verbosity > 0) { report = '\n Installed version : ' + version_formatted + ' (' + version + ')' + '\n'; security_warning(port:port, extra:report); } else security_warning(port); exit(0); } else audit(AUDIT_INST_VER_NOT_VULN, device_name, version);

Seebug

bulletinFamily	exploit
description	Bugtraq ID:66686 CVE ID:CVE-2014-2142 Cisco ONS 15454是一款多业务传输平台。 Cisco ONS 15454控制卡WEB接口存在安全漏洞，由于不正确解析HTTP URI，允许攻击者发送特制的HTTP请求，可使控制卡重载。 0 Cisco ONS 15454 System Software 目前厂商已经发布了升级补丁以修复漏洞，请下载使用： http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2142
id	SSV:62106
last seen	2017-11-19
modified	2014-04-10
published	2014-04-10
reporter	Root
title	Cisco ONS 15454控制卡HTTP URI拒绝服务漏洞

Summary

Vulnerable Configurations

Nessus

Seebug

References