VAR-201502-0334
Vulnerability from variot - Updated: 2023-12-18 12:38Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0607. Reason: This candidate is a duplicate of CVE-2015-0607. The wrong ID was used. Notes: All CVE users should reference CVE-2015-0607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. ** Delete ** This case CVE-2015-0607 It was removed because it was found to be duplicated. CVE-2015-0607 Please refer to. Cisco IOS of Authentication Proxy The function is RADIUS and TACACS+ Invalid from server AAA There is a vulnerability that bypasses authentication due to improper handling of return codes. Vendors have confirmed this vulnerability Bug ID CSCuo09400 and CSCun16016 It is released as.A third party may be able to bypass authentication through connection attempts that trigger invalid code. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS Software is prone to an authentication-bypass vulnerability. This may lead to further attacks. This issue is tracked by Cisco Bug IDs CSCuo09400 and CSCun16016
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0334",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.4\\(1\\)t1"
},
{
"model": "ios software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01407"
},
{
"db": "BID",
"id": "72794"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007946"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-458"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ios",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007946"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "72794"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2188",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-01407",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2015-01407",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-458",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01407"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-458"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0607. Reason: This candidate is a duplicate of CVE-2015-0607. The wrong ID was used. Notes: All CVE users should reference CVE-2015-0607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. ** Delete ** This case CVE-2015-0607 It was removed because it was found to be duplicated. CVE-2015-0607 Please refer to. Cisco IOS of Authentication Proxy The function is RADIUS and TACACS+ Invalid from server AAA There is a vulnerability that bypasses authentication due to improper handling of return codes. Vendors have confirmed this vulnerability Bug ID CSCuo09400 and CSCun16016 It is released as.A third party may be able to bypass authentication through connection attempts that trigger invalid code. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS Software is prone to an authentication-bypass vulnerability. This may lead to further attacks. \nThis issue is tracked by Cisco Bug IDs CSCuo09400 and CSCun16016",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2188"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007946"
},
{
"db": "CNVD",
"id": "CNVD-2015-01407"
},
{
"db": "BID",
"id": "72794"
},
{
"db": "VULHUB",
"id": "VHN-70127"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2188",
"trust": 3.4
},
{
"db": "BID",
"id": "72794",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007946",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-458",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01407",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70127",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01407"
},
{
"db": "VULHUB",
"id": "VHN-70127"
},
{
"db": "BID",
"id": "72794"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007946"
},
{
"db": "NVD",
"id": "CVE-2014-2188"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-458"
}
]
},
"id": "VAR-201502-0334",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01407"
},
{
"db": "VULHUB",
"id": "VHN-70127"
}
],
"trust": 1.31611503
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01407"
}
]
},
"last_update_date": "2023-12-18T12:38:03.838000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Vulnerability in Authentication Proxy Feature in Cisco IOS Software",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2188"
},
{
"title": "Cisco IOS Software Security Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/55843"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01407"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007946"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2188"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2188"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2188"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72794"
},
{
"trust": 0.4,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01407"
},
{
"db": "VULHUB",
"id": "VHN-70127"
},
{
"db": "BID",
"id": "72794"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007946"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-458"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01407"
},
{
"db": "VULHUB",
"id": "VHN-70127"
},
{
"db": "BID",
"id": "72794"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007946"
},
{
"db": "NVD",
"id": "CVE-2014-2188"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-458"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01407"
},
{
"date": "2015-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-70127"
},
{
"date": "2015-02-26T00:00:00",
"db": "BID",
"id": "72794"
},
{
"date": "2015-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007946"
},
{
"date": "2015-02-27T02:59:00.057000",
"db": "NVD",
"id": "CVE-2014-2188"
},
{
"date": "2015-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-458"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01407"
},
{
"date": "2015-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-70127"
},
{
"date": "2015-02-26T00:00:00",
"db": "BID",
"id": "72794"
},
{
"date": "2015-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007946"
},
{
"date": "2023-11-07T02:19:30.650000",
"db": "NVD",
"id": "CVE-2014-2188"
},
{
"date": "2015-03-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-458"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-458"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "** Delete ** Cisco IOS of Authentication Proxy Vulnerabilities that bypass authentication in functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007946"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-458"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…