Cisco IPS MainApp SNMP DoS (CSCul49309)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

A vulnerability in Cisco IPS Software could allow an unauthenticated,
remote attacker to cause the MainApp to hang intermittently due to
improper handling of SNMP packets sent to the management interface.

Note that, in order to for the remote host to be affected by this issue,
SNMP must be enabled. Also, SNMP v3 users without the 'noAuth' option
enabled will need valid credentials to exploit this issue.

See also :

http://www.nessus.org/u?81d4716c
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2103.html

Solution :

Apply the relevant patch or workaround referenced in Cisco Bug Id
CSCul49309.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 73027 ()

Bugtraq ID: 65864

CVE ID: CVE-2014-2103

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial