SB2014032702 - Multiple vulnerabilities in Nextcloud ios
Published: March 27, 2014 Updated: August 10, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2014-3361)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.
2) Input validation error (CVE-ID: CVE-2014-2109)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.
3) Input validation error (CVE-ID: CVE-2014-2111)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996.
4) Input validation error (CVE-ID: CVE-2014-2112)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357.
Remediation
Install update from vendor's website.
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat/cvrf/cisco-sa-20140924-nat_cvrf.xml
- http://www.securityfocus.com/bid/70129
- http://www.securitytracker.com/id/1030896
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96181
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-nat
- http://www.securityfocus.com/bid/66470
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn
- http://www.securityfocus.com/bid/66462