Vulnerability Details : CVE-2014-0677
The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2014-0677
- cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0677
1.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0677
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-0677
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0677
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/90623
Cisco NX-OS Label Distribution Protocol denial of service CVE-2014-0677 Vulnerability Report
-
http://www.securitytracker.com/id/1029691
Cisco NX-OS Label Distribution Protocol Message Processing Flaw Lets Remote Users Deny Service - SecurityTrackerThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=32532
Cisco NX-OS Software Label Distribution Protocol Message VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/65074
Cisco NX-OS Label Distribution Protocol Message Remote Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0677
Cisco NX-OS Software Label Distribution Protocol Message VulnerabilityVendor Advisory
Jump to