CVE-2014-0718Improper Input Validation in Cisco IPS Sensor Software

CWE-20Improper Input Validation4 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.4%
top 39.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IPS Sensor SoftwareCisco IPS
Timeline
PublishedFeb 22
Latest updateMay 17

Description

The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmented packets, aka Bug ID CSCui91266.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ips_sensor_software5 versions+4
ciscocisco/ips

🔴Vulnerability Details

1
GHSA
GHSA-jfh8-4pwp-rc9r: The produce-verbose-alert feature in Cisco IPS Software 72022-05-17

📋Vendor Advisories

2
Cisco
Multiple Vulnerabilities in Cisco IPS Software2014-02-20
Cisco
Multiple Vulnerabilities in Cisco IPS Software
CVE-2014-0718 — Improper Input Validation in Cisco | cvebase