CVE-2014-0685 : Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements

Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691.

Published 2014-05-07 10:55:05

Updated 2014-05-07 16:05:34

Source Cisco Systems, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-0685

Probability of exploitation activity in the next 30 days: 0.20%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 58 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-0685

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2014-0685

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-0685

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685

Cisco Nexus 1000V Access Control List Bypass Vulnerability
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=34130

Cisco Nexus 1000V Access Control List Bypass Vulnerability
Vendor Advisory

Products affected by CVE-2014-0685

Cisco » Cisco Nexus 1000v Intercloud » For Vmware
Versions up to, including, (<=) 5.2\(1\)ic1\(1.2\)
cpe:2.3:a:cisco:cisco_nexus_1000v_intercloud:*:*:*:*:*:vmware:*:*
Matching versions

Vulnerability Details : CVE-2014-0685

Exploit prediction scoring system (EPSS) score for CVE-2014-0685

CVSS scores for CVE-2014-0685

CWE ids for CVE-2014-0685

References for CVE-2014-0685

Products affected by CVE-2014-0685