CVE-2014-7992

Published: Nov 18, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.

Affected (1)

Products: Cisco: Ios

Cisco

1 product

Ios

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7992

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=36453

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/71145

Source: psirt@cisco.com

http://www.securitytracker.com/id/1031220

Source: psirt@cisco.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/98724

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7992