Vulnerability Details : CVE-2014-8013
The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2014-8013
- cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8013
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8013
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST |
CWE ids for CVE-2014-8013
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8013
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8013
Cisco NX-OS Software TACACS+ Command Authorization VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/72393
Cisco NX-OS Software CVE-2014-8013 Local Denial of Service Vulnerability
-
http://www.securitytracker.com/id/1031685
Cisco NX-OS TACACS+ Command Processing Flaw Lets Local Users Deny Service - SecurityTracker
Jump to