CVE-2014-2201 - OpenCVE

The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Mds 9000 Nexus 7000 10-slot Nexus 7000 9-slot Nx-os Mds 9100 Nexus 7000 Nexus 7000 18-slot

Configuration 1 [-]

AND

cpe:2.3:o:cisco:nx-os:6.0\(1\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_7000:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_10-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_18-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_9-slot:-:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:o:cisco:nx-os::::::::
	cpe:2.3:o:cisco:nx-os:6.2\(1\):::::::*
	cpe:2.3:o:cisco:nx-os:6.2\(1n\):::::::*
	cpe:2.3:o:cisco:nx-os:6.2\(3\):::::::*
	cpe:2.3:o:cisco:nx-os:6.2\(3n\):::::::*
	cpe:2.3:o:cisco:nx-os:6.2\(5\):::::::*

OR	cpe:2.3:h:cisco:mds_9000::::::::
	cpe:2.3:h:cisco:mds_9100:-:::::::*

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2014-05-24T01:00:00

Updated: 2014-05-24T01:57:00

Reserved: 2014-02-25T00:00:00

Link: CVE-2014-2201

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-05-26T00:25:31.767

Modified: 2014-05-27T16:31:27.027

Link: CVE-2014-2201

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-21T00:00:00", "descriptions": [{"lang": "en", "value": "The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-24T01:57:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2014-2201", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2014-2201", "datePublished": "2014-05-24T01:00:00", "dateReserved": "2014-02-25T00:00:00", "dateUpdated": "2014-05-24T01:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "48926DA6-2020-4D4F-AD12-555163C6C352", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22B3865-30E9-4B5A-A37D-DC33F1150FFE", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*", "matchCriteriaId": "459A7F11-52BF-4AD6-B495-4C4D6C050493", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB73543E-9B5B-4BA9-8FB4-666AF5AC8B6B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "05DDEA84-A3C8-47C0-BA73-48CA7707A73D", "versionEndIncluding": "6.2\\(5a\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.2\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "DD54E122-6102-451E-92BF-AF71D98AEBE0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.2\\(1n\\):*:*:*:*:*:*:*", "matchCriteriaId": "1F0244F2-D8AA-469F-8AFD-655CA4F5F650", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.2\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "0C857C0F-B023-4CF7-9916-6735C40425F9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.2\\(3n\\):*:*:*:*:*:*:*", "matchCriteriaId": "DD503699-A02E-4A62-827F-0906C94448EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.2\\(5\\):*:*:*:*:*:*:*", "matchCriteriaId": "D4C558C0-ECA4-408D-A5DF-2A175E48EAE2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:mds_9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "54C0D908-D7BA-48C3-9963-14A3A32A2662", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915."}, {"lang": "es", "value": "Message Transfer Service (MTS) en Cisco NX-OS anterior a 6.2(7) en dispositivos MDS 9000 y 6.0 anterior a 6.0(2) en dispositivos Nexus 7000 permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo y kernel panic) a trav\u00e9s de un volumen grande de trafico manipulado, tambi\u00e9n conocido como Bug ID CSCtw98915."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\n\n\"CWE-476: NULL Pointer Dereference\"", "id": "CVE-2014-2201", "lastModified": "2014-05-27T16:31:27.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-26T00:25:31.767", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}