Vulnerability Details : CVE-2014-0254
The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability."
Vulnerability category: Input validationDenial of service
Products affected by CVE-2014-0254
- cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0254
10.46%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0254
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2014-0254
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0254
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/90755
Microsoft Windows IPv6 denial of service CVE-2014-0254 Vulnerability Report
-
http://osvdb.org/103159
-
http://secunia.com/advisories/56775
Sign in
-
http://www.securityfocus.com/bid/65409
Microsoft Windows TCP/IP IPv6 Router Advertisement Remote Denial of Service Vulnerability
-
http://www.securitytracker.com/id/1029747
Microsoft Windows IPv6 Stack Flaw Lets Remote Users Deny Service - SecurityTracker
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-006
Microsoft Security Bulletin MS14-006 - Important | Microsoft Docs
Jump to