CVE-2014-2143 — Cisco IOS vulnerability

CWE-3995 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 38.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedApr 4

Latest updateMay 17

Description

The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/ios15.4\(1\)t+12

🔴Vulnerability Details

GHSA

GHSA-9q73-pqxf-h52m: The IKE implementation in Cisco IOS 15↗2022-05-17

▶

CVEList

CVE-2014-2143: The IKE implementation in Cisco IOS 15↗2014-04-04

▶

💥Exploits & PoCs

Exploit-DB

Katello (RedHat Satellite) - users/update_roles Missing Authorisation (Metasploit)↗2014-03-26

▶

📋Vendor Advisories

Cisco

Cisco IOS Software and Cisco IOS XE Software IKE Main Mode Vulnerability↗2014-04-03

▶