Vulnerability-Lookup

CVE-2014-0685 (GCVE-0-2014-0685)

Vulnerability from cvelistv5 – Published: 2014-05-07 10:00 – Updated: 2024-08-06 09:27

Summary

Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691.

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

GSD-2014-0685

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691.

Aliases

CVE-2014-0685

Aliases

CVE-2014-0685

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-0685",
    "description": "Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691.",
    "id": "GSD-2014-0685"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-0685"
      ],
      "details": "Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691.",
      "id": "GSD-2014-0685",
      "modified": "2023-12-13T01:22:44.431126Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-0685",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20140505 Cisco Nexus 1000V Access Control List Bypass Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685"
          },
          {
            "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34130",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34130"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cisco_nexus_1000v_intercloud:*:*:*:*:*:vmware:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2\\(1\\)ic1\\(1.2\\)",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-0685"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140505 Cisco Nexus 1000V Access Control List Bypass Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34130",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34130"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-05-07T16:05Z",
      "publishedDate": "2014-05-07T10:55Z"
    }
  }
}

VAR-201405-0171

Vulnerability from variot - Updated: 2025-04-13 23:18

Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. The Cisco NX-OS Nexus 1000V has security vulnerabilities. Because the access control list lacks support for IGMPv2 and IGMPv3, remote attackers can send IGMPv2 and IGMPv3 communications to bypass the 'deny' statement in the access control list. An attacker can exploit these issues to bypass certain security restrictions. This may aid in further attacks. These issues are being tracked by Cisco BugID CSCug61691. The software provides Cisco Catalyst switch functions such as QoS, ACL and SPAN in a VMware virtualized environment

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0171",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nexus 1000v intercloud",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.2\\(1\\)ic1\\(1.2\\)"
      },
      {
        "model": "nexus 1000v intercloud",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.2(1)ic1(1.2)"
      },
      {
        "model": "nexus intercloud 5.2 ic1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "nexus 1000v intercloud",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.2\\(1\\)ic1\\(1.2\\)"
      },
      {
        "model": "nexus intercloud for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-02911"
      },
      {
        "db": "BID",
        "id": "67213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-094"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0685"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:cisco_nexus_1000v_intercloud",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002407"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "67213"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-0685",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-0685",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-02911",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-68178",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-0685",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-0685",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-02911",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201405-094",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-68178",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-02911"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-094"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0685"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. The Cisco NX-OS Nexus 1000V has security vulnerabilities. Because the access control list lacks support for IGMPv2 and IGMPv3, remote attackers can send IGMPv2 and IGMPv3 communications to bypass the \u0027deny\u0027 statement in the access control list. \nAn attacker can exploit these issues to bypass certain security restrictions. This may aid in further attacks. \nThese issues are being tracked by Cisco BugID CSCug61691. The software provides Cisco Catalyst switch functions such as QoS, ACL and SPAN in a VMware virtualized environment",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0685"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002407"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02911"
      },
      {
        "db": "BID",
        "id": "67213"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68178"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0685",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "67213",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002407",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-094",
        "trust": 0.7
      },
      {
        "db": "OSVDB",
        "id": "106666",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02911",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20140505 CISCO NEXUS 1000V ACCESS CONTROL LIST BYPASS VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-68178",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-02911"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68178"
      },
      {
        "db": "BID",
        "id": "67213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-094"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0685"
      }
    ]
  },
  "id": "VAR-201405-0171",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-02911"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68178"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-02911"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:18:22.947000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco Nexus 1000V Access Control List Bypass Vulnerability",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685"
      },
      {
        "title": "34130",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34130"
      },
      {
        "title": "Cisco Nexus 1000V IGMPv2/IGMPv3 Access Control Patch for Defective Security Bypass Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/45482"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-02911"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002407"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002407"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0685"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0685"
      },
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34130"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0685"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0685"
      },
      {
        "trust": 0.6,
        "url": "http://osvdb.com/show/osvdb/106666"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-02911"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68178"
      },
      {
        "db": "BID",
        "id": "67213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-094"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0685"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-02911"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68178"
      },
      {
        "db": "BID",
        "id": "67213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-094"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0685"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-05-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-02911"
      },
      {
        "date": "2014-05-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68178"
      },
      {
        "date": "2014-05-05T00:00:00",
        "db": "BID",
        "id": "67213"
      },
      {
        "date": "2014-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002407"
      },
      {
        "date": "2014-05-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-094"
      },
      {
        "date": "2014-05-07T10:55:04.727000",
        "db": "NVD",
        "id": "CVE-2014-0685"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-05-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-02911"
      },
      {
        "date": "2014-05-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68178"
      },
      {
        "date": "2014-05-05T00:00:00",
        "db": "BID",
        "id": "67213"
      },
      {
        "date": "2014-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002407"
      },
      {
        "date": "2014-05-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-094"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2014-0685"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-094"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VMware for  Cisco Nexus 1000V InterCloud In  ACL Vulnerability that avoids rejection statements",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002407"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-094"
      }
    ],
    "trust": 0.6
  }
}

GHSA-6C8C-RMVF-4C76

Vulnerability from github – Published: 2022-05-17 04:44 – Updated: 2022-05-17 04:44

Details

Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-0685"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-05-07T10:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691.",
  "id": "GHSA-6c8c-rmvf-4c76",
  "modified": "2022-05-17T04:44:46Z",
  "published": "2022-05-17T04:44:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0685"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34130"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2014-0685

Vulnerability from fkie_nvd - Published: 2014-05-07 10:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685	Vendor Advisory
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=34130	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=34130	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	cisco_nexus_1000v_intercloud	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:cisco_nexus_1000v_intercloud:*:*:*:*:*:vmware:*:*",
              "matchCriteriaId": "B27DE979-2025-4745-AB0C-01F214B304B7",
              "versionEndIncluding": "5.2\\(1\\)ic1\\(1.2\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691."
    },
    {
      "lang": "es",
      "value": "Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) y anteriores para VMware permite a atacantes remotos evadir declaraciones de denegaci\u00f3n ACL a trav\u00e9s de paquetes (1) IGMPv2 o (2) IGMPv3 manipulados, tambi\u00e9n conocido como Bug ID CSCug61691."
    }
  ],
  "id": "CVE-2014-0685",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-07T10:55:04.727",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34130"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-0685 (GCVE-0-2014-0685)

GSD-2014-0685

VAR-201405-0171

GHSA-6C8C-RMVF-4C76

FKIE_CVE-2014-0685

Tags

Sightings

Nomenclature