var-201401-0333
Vulnerability from variot
The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371. Vendors have confirmed this vulnerability Bug ID CSCuh28371 It is released as.Unspecified by a third party WSP Through the packet, top-up payment restrictions may be circumvented. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). Because the program failed to properly process some WSP messages, the attacker could browse for free by redirecting the top portal page by sending a specially crafted WSP message. Cisco ASR 5000 Series devices are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCuh28371. The vulnerability stems from the fact that the program does not process WSP packets correctly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0333",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asr 5000 series software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "asr 5000 series software",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "asr series",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-419"
},
{
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:asr_5000_series_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "65052"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0669",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0669",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00546",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-68162",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0669",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-0669",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00546",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-419",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68162",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "VULHUB",
"id": "VHN-68162"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-419"
},
{
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371. Vendors have confirmed this vulnerability Bug ID CSCuh28371 It is released as.Unspecified by a third party WSP Through the packet, top-up payment restrictions may be circumvented. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). Because the program failed to properly process some WSP messages, the attacker could browse for free by redirecting the top portal page by sending a specially crafted WSP message. Cisco ASR 5000 Series devices are prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \nThis issue is being tracked by Cisco Bug ID CSCuh28371. The vulnerability stems from the fact that the program does not process WSP packets correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "BID",
"id": "65052"
},
{
"db": "VULHUB",
"id": "VHN-68162"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0669",
"trust": 3.4
},
{
"db": "BID",
"id": "65052",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "102318",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1029666",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "56546",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-419",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00546",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20140121 CISCO ASR 5000 SERIES GATEWAY GPRS SUPPORT NODE TRAFFIC BYPASS VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-68162",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "VULHUB",
"id": "VHN-68162"
},
{
"db": "BID",
"id": "65052"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-419"
},
{
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"id": "VAR-201401-0333",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "VULHUB",
"id": "VHN-68162"
}
],
"trust": 1.1269730199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
}
]
},
"last_update_date": "2024-11-23T22:02:18.361000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco ASR 5000 Series Gateway GPRS Support Node Traffic Bypass Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0669"
},
{
"title": "32513",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32513"
},
{
"title": "Cisco ASR 5000 Series Device GPRS Support Node Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/42899"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68162"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0669"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65052"
},
{
"trust": 1.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32513"
},
{
"trust": 1.1,
"url": "http://osvdb.org/102318"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1029666"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/56546"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90614"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0669"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0669"
},
{
"trust": 0.6,
"url": "http://osvdb.org/show/osvdb/102318"
},
{
"trust": 0.6,
"url": "https://sso.cisco.com/autho/forms/cdclogin.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "VULHUB",
"id": "VHN-68162"
},
{
"db": "BID",
"id": "65052"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-419"
},
{
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "VULHUB",
"id": "VHN-68162"
},
{
"db": "BID",
"id": "65052"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-419"
},
{
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"date": "2014-01-22T00:00:00",
"db": "VULHUB",
"id": "VHN-68162"
},
{
"date": "2014-01-21T00:00:00",
"db": "BID",
"id": "65052"
},
{
"date": "2014-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"date": "2014-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-419"
},
{
"date": "2014-01-22T05:22:20.720000",
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-68162"
},
{
"date": "2014-01-21T00:00:00",
"db": "BID",
"id": "65052"
},
{
"date": "2014-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"date": "2014-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-419"
},
{
"date": "2024-11-21T02:02:37.680000",
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-419"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ASR 5000 Runs on series devices Gateway GPRS Support Node Vulnerability that bypasses top-up payment restrictions in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-419"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…