VAR-201401-0333
Vulnerability from variot - Updated: 2025-04-11 23:15The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371. Vendors have confirmed this vulnerability Bug ID CSCuh28371 It is released as.Unspecified by a third party WSP Through the packet, top-up payment restrictions may be circumvented. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). Because the program failed to properly process some WSP messages, the attacker could browse for free by redirecting the top portal page by sending a specially crafted WSP message. Cisco ASR 5000 Series devices are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCuh28371. The vulnerability stems from the fact that the program does not process WSP packets correctly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0333",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asr 5000 series software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "asr 5000 series software",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "asr series",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-419"
},
{
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:asr_5000_series_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "65052"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0669",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0669",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00546",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-68162",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0669",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-0669",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00546",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-419",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68162",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "VULHUB",
"id": "VHN-68162"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-419"
},
{
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371. Vendors have confirmed this vulnerability Bug ID CSCuh28371 It is released as.Unspecified by a third party WSP Through the packet, top-up payment restrictions may be circumvented. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). Because the program failed to properly process some WSP messages, the attacker could browse for free by redirecting the top portal page by sending a specially crafted WSP message. Cisco ASR 5000 Series devices are prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \nThis issue is being tracked by Cisco Bug ID CSCuh28371. The vulnerability stems from the fact that the program does not process WSP packets correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "BID",
"id": "65052"
},
{
"db": "VULHUB",
"id": "VHN-68162"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0669",
"trust": 3.4
},
{
"db": "BID",
"id": "65052",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "102318",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1029666",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "56546",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-419",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00546",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20140121 CISCO ASR 5000 SERIES GATEWAY GPRS SUPPORT NODE TRAFFIC BYPASS VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-68162",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "VULHUB",
"id": "VHN-68162"
},
{
"db": "BID",
"id": "65052"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-419"
},
{
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"id": "VAR-201401-0333",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "VULHUB",
"id": "VHN-68162"
}
],
"trust": 1.1269730199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
}
]
},
"last_update_date": "2025-04-11T23:15:23.649000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco ASR 5000 Series Gateway GPRS Support Node Traffic Bypass Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0669"
},
{
"title": "32513",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32513"
},
{
"title": "Cisco ASR 5000 Series Device GPRS Support Node Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/42899"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68162"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0669"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65052"
},
{
"trust": 1.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32513"
},
{
"trust": 1.1,
"url": "http://osvdb.org/102318"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1029666"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/56546"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90614"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0669"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0669"
},
{
"trust": 0.6,
"url": "http://osvdb.org/show/osvdb/102318"
},
{
"trust": 0.6,
"url": "https://sso.cisco.com/autho/forms/cdclogin.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "VULHUB",
"id": "VHN-68162"
},
{
"db": "BID",
"id": "65052"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-419"
},
{
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"db": "VULHUB",
"id": "VHN-68162"
},
{
"db": "BID",
"id": "65052"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-419"
},
{
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"date": "2014-01-22T00:00:00",
"db": "VULHUB",
"id": "VHN-68162"
},
{
"date": "2014-01-21T00:00:00",
"db": "BID",
"id": "65052"
},
{
"date": "2014-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"date": "2014-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-419"
},
{
"date": "2014-01-22T05:22:20.720000",
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00546"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-68162"
},
{
"date": "2014-01-21T00:00:00",
"db": "BID",
"id": "65052"
},
{
"date": "2014-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001228"
},
{
"date": "2014-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-419"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2014-0669"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-419"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ASR 5000 Runs on series devices Gateway GPRS Support Node Vulnerability that bypasses top-up payment restrictions in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001228"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-419"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…