CVE-2014-2109 — Improper Input Validation in Cisco IOS

CWE-20 — Improper Input ValidationCWE-3995 documents5 sources
Severity
7.8HIGHNVD
EPSS
1.1%
top 21.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedMar 27
Latest updateMay 17

Description

The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

â–¶NVDcisco/ios8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-6p6v-7hf9-h7jf: The TCP Input module in Cisco IOS 12↗2022-05-17
â–¶
CVEList
CVE-2014-2109: The TCP Input module in Cisco IOS 12↗2014-03-27
â–¶

📋Vendor Advisories

2
CISA ICS
Rockwell Automation Stratix 5900↗2017-05-10
â–¶
Cisco
Cisco IOS Software Network Address Translation Vulnerabilities↗2014-03-26
â–¶
CVE-2014-2109 — Improper Input Validation in Cisco IOS | cvebase