vulnerability

Cisco IOS: CVE-2014-2146: Improper Input Validation

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	Sep 22, 2016	May 2, 2018	May 2, 2018

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Sep 22, 2016

Added

May 2, 2018

Modified

May 2, 2018

Description

The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.

Solution

cisco-ios-upgrade-latest

References

BID-93126
CVE-2014-2146
https://attackerkb.com/topics/CVE-2014-2146

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today