Vulnerability Details : CVE-2014-2112
The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2014-2112
- cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2112
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 42 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2112
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2014-2112
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2112
-
http://www.securityfocus.com/bid/66462
Cisco IOS SSL VPN CVE-2014-2112 Remote Denial of Service Vulnerability
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn
Cisco IOS Software SSL VPN Denial of Service VulnerabilityVendor Advisory
Jump to