CVE-2014-7992

Name of the Vulnerable Software and Affected Versions Cisco IOS (affected versions not specified)

Description The DLSw implementation in Cisco IOS contains a flaw that allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067. This is due to the lack of initialization of packet buffers. An attacker could exploit this vulnerability by connecting to the DLSw port (TCP/2067), potentially extracting sensitive information, including clear-text passwords and SNMP community strings from previously processed packets. The vulnerability was reported by external researchers and confirmed by Cisco, with software updates released as a fix.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.