CVE-2014-0685

Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=34130	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=34130	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:cisco_nexus_1000v_intercloud:*:*:*:*:*:vmware:*:*

History

21 Nov 2024, 02:02

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685 - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685 - Vendor Advisory
References	~~() http://tools.cisco.com/security/center/viewAlert.x?alertId=34130 - Vendor Advisory~~	() http://tools.cisco.com/security/center/viewAlert.x?alertId=34130 - Vendor Advisory

Information

Published : 2014-05-07 10:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-0685

Mitre link : CVE-2014-0685

CVE.ORG link : CVE-2014-0685

JSON object : View

Products Affected

cisco

cisco_nexus_1000v_intercloud

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-0685", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-07T10:55:04.727", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34130", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34130", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691."}, {"lang": "es", "value": "Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) y anteriores para VMware permite a atacantes remotos evadir declaraciones de denegaci\u00f3n ACL a trav\u00e9s de paquetes (1) IGMPv2 o (2) IGMPv3 manipulados, tambi\u00e9n conocido como Bug ID CSCug61691."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:cisco_nexus_1000v_intercloud:*:*:*:*:*:vmware:*:*", "vulnerable": true, "matchCriteriaId": "B27DE979-2025-4745-AB0C-01F214B304B7", "versionEndIncluding": "5.2\\(1\\)ic1\\(1.2\\)"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}