CVE-2014-7992

Cisco DLSw Information Disclosure Scanner

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-7992. PoCs published by Tate Hansen, John McLeod, Kyle Rainey, including Metasploit module auxiliary/scanner/dlsw/dlsw_leak_capture.

AI-analyzed exploit summary This Metasploit auxiliary module scans for and exploits CVE-2014-7992, a Cisco DLSw information disclosure vulnerability. It connects to the target on port 2067, checks for the presence of the vulnerability, and captures leaked packet data.

Description

The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.

Exploits (1)

metasploit SCANNER

by Tate Hansen, John McLeod, Kyle Rainey · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/dlsw/dlsw_leak_capture.rb

View Code ZIP pw:eip

This Metasploit auxiliary module scans for and exploits CVE-2014-7992, a Cisco DLSw information disclosure vulnerability. It connects to the target on port 2067, checks for the presence of the vulnerability, and captures leaked packet data.

Classification

Scanner 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Cisco IOS 12.x and 15.x with DLSw configured

No auth needed

Prerequisites: DLSw configured and active on the target Cisco router · Network access to TCP port 2067

MITRE ATT&CK

T1040 - Network Sniffing

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1031220

Vendor Advisory vendor-advisory x_refsource_cisco

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7992

Vendor Advisory x_refsource_confirm

http://tools.cisco.com/security/center/viewAlert.x?alertId=36453

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/98724

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/71145

Scores

EPSS 0.2715

EPSS Percentile 97.8%

Details

CWE

CWE-200

Status published

Products (1)

cisco/ios

Published Nov 18, 2014

Tracked Since Feb 18, 2026