|
Port 514 Details
known port assignments and vulnerabilities
threat/application/port search:
| Port(s) |
Protocol |
Service |
Details |
Source |
| 514 |
tcp |
shell |
Used by rsh and (also rcp), interactive shell without any logging.
Citrix NetScaler appliance MAS syslog port.
Splunk (big data analysis software) uses the following ports by default:
514 - network input port
8000 - web port (clients accessing the Splunk search page)
8080 - index replication port
8089 - management port (splunkd, aslo used by deployment server)
9997 - indexing port (web interface)
9998 - SSL port
Fortinet FortiGate uses the following ports (in addition to standard ports 53, 80, 443):
514 tcp - FortiAP logging and reporting
541 tcp, 542 tcp - FortiGuard management
703 tcp/udp. 730 udp - FortiGate heartbeat
1000 tcp, 1003 tcp - policy override keepalive
1700 tcp - FortiAuthenticator RADIUS disconnect
5246 udp - FortiAP-S event logs
8000, 8001 tcp - FortiClient SSO mobility agent
8008, 8010 tcp - policy override authentication
8013 tcp - FortiClient v.5.4
8014 tcp - Forticlient v.6
8890 tcp - AV/IPS updates, management, firmware
9443 udp - AV/IPS
9582 tcp - FortiGuard Cloud App DB (flow.fortinet.net)
Games that use this port: America's Army
Malware using this port: RPC Backdoor, Whacky, ADM worm
Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 allows remote attackers to execute arbitrary code via a long string to the shell port (514/tcp). NOTE: this might overlap [CVE-2007-4006].
References: [CVE-2007-4005] [BID-25044] [SECUNIA-26197]
Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a denial of service (crash) via a long string to port 514.
References: [CVE-2001-0707]
A vulnerability has been reported in Cisco IOS, which can be exploited to cause a DoS (Denial of Service). The vulnerability is caused due to TCP connection information not being properly validated when connecting to a protocol translation resource and can be exploited to cause a reload via specially crafted packets sent to TCP ports 514 or 544. Successful exploitation requires a vulnerable protocol translation configuration or a Telnet-to-PAD protocol translation ruleset to be configured.
References: [CVE-2013-1147] [SECUNIA-52785] |
SG
|
| 514 |
udp |
applications |
Ooma VoIP - uses UDP port 1194 (VPN tunnel to the Ooma servers for call/setup control), ports 49000-50000 for actual VoIP data, and ports TCP 443, UDP 514, UDP 3480
Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote attackers to cause a denial of service (SysEvttCol.exe process crash) or possibly execute arbitrary code via a long Syslog PRI message header to UDP port 513 or 514.
Reference: [CVE-2010-4840]
Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514.
References: [CVE-2011-5227] [SECUNIA-47263]
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port).
References: [CVE-2022-32294] |
SG
|
| 514 |
tcp |
|
Shell - used to execute non-interactive commands on a remote system (official) |
Wikipedia
|
| 514 |
udp |
|
Syslog - used for system logging (official) |
Wikipedia
|
| 514 |
tcp |
trojan |
ADM worm |
Trojans
|
| 514 |
tcp |
RPCBackdoor |
[trojan] RPC Backdoor |
SANS
|
| 514 |
tcp |
shell |
BSD rshd(8) |
SANS
|
| 514 |
tcp |
shell |
BSD rshd(8) |
Nmap
|
| 514 |
udp |
syslog |
BSD syslogd(8) |
Nmap
|
| 514 |
udp |
syslog |
syslog |
Neophasis
|
| 514 |
tcp |
shell |
"cmd like exec |
IANA
|
|
11 records found
Related ports: 2 4 200 1716 1717 1718 8000 8080 8089 8777 9997 9998 27900 443 1194 3480
|