CVE-2014-7992
published 2014-11-18CVE-2014-7992: The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process…
PriorityP340medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
27.15%
97.8th percentile
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated inbound TCP connections to port 2067 (DLSw) on Cisco IOS routers, which may indicate exploitation attempts of CVE-2014-7992. ↗
- →A Metasploit auxiliary scanner module exists for this vulnerability (auxiliary/scanner/dlsw/dlsw_leak_capture); presence of this module's traffic patterns against TCP/2067 should be treated as active exploitation. ↗
- →Cisco IOS 12.x and 15.x trains are confirmed affected; scope detection efforts to routers running these versions with DLSw configured and active. ↗
- →Leaked data may include clear-text passwords and SNMP community strings; monitor for unexpected credential reuse or SNMP community string abuse following any DLSw connection anomaly. ↗
- ·Exploitation requires the attacker to reach TCP/2067 on the target, which may necessitate access to trusted internal networks; perimeter firewall blocking of this port significantly reduces exposure. ↗
- ·The attacker may also need to determine whether DLSw is enabled on the target device before exploitation is feasible. ↗
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_cisco5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p6vm-9vwg-8vxw: The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from
ghsa_unreviewed·2022-05-17
CVE-2014-7992 [MEDIUM] CWE-200 GHSA-p6vm-9vwg-8vxw: The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.
Cisco
Cisco IOS Software DLSw Information Disclosure Vulnerability
vendor_cisco·2014-11-18·CVSS 5.0
CVE-2014-7992 [MEDIUM] CWE-200 Cisco IOS Software DLSw Information Disclosure Vulnerability
Cisco IOS Software DLSw Information Disclosure Vulnerability
A vulnerability in the DLSw feature of Cisco IOS could allow an unauthenticated, remote attacker to extract information from previously processed packets.
The vulnerability is due to the lack of initialization of packet buffers. An attacker could exploit this vulnerability by connecting to the DLSw port (TCP/2067). An exploit could allow the attacker to extract potentially sensitive information, including clear-text passwords and SNMP community strings from previously processed packets.
This vulnerability was reported to Cisco by Tate Hansen and John McLeod of FishNet Security, and Kyle Rainey.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacke
No detection rules found.
No writeups or analysis indexed.
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7992http://tools.cisco.com/security/center/viewAlert.x?alertId=36453http://www.securityfocus.com/bid/71145http://www.securitytracker.com/id/1031220https://exchange.xforce.ibmcloud.com/vulnerabilities/98724http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7992http://tools.cisco.com/security/center/viewAlert.x?alertId=36453http://www.securityfocus.com/bid/71145http://www.securitytracker.com/id/1031220https://exchange.xforce.ibmcloud.com/vulnerabilities/98724
2014-11-18
Published