What is CVE-2014-7992?

CVE-2014-7992 is a vulnerability in Cisco Ios, classified under Information Disclosure. Published 2014-11-18.

Is CVE-2014-7992 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Cisco Ios

CVE-2014-7992

The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.

Vulnerability class: Information Disclosure

EPSS: 0.608 (98.3th percentile) — read the EPSS interpretation.

Affected products

Cisco Ios
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

1031220 (vdb-entry, x_refsource_SECTRACK)
20141117 Cisco IOS DLSw Information Disclosure Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
ciscoios-cve20147992-info-disc(98724) (vdb-entry, x_refsource_XF)
71145 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2014-7992?: CVE-2014-7992 is a vulnerability in Cisco Ios, classified under Information Disclosure. Published 2014-11-18.
Is CVE-2014-7992 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.