ID

VAR-201405-0349


CVE

CVE-2014-3276


TITLE

Service Disruption (DoS) Vulnerability in Cisco Identity Services Engine

Trust: 0.8

sources: JVNDB: JVNDB-2014-002650

DESCRIPTION

Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780. Cisco Identity Services Engine (ISE) is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the RADIUS process to hang, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuo56780. The ISE platform monitors the network by collecting real-time information on the network, users and devices, and by formulating and implementing corresponding policies. A security vulnerability exists in Cisco ISE 1.2 and earlier versions due to the program's improper handling of deadlock conditions.

Trust: 1.98

sources: NVD: CVE-2014-3276 // JVNDB: JVNDB-2014-002650 // BID: 67556 // VULHUB: VHN-71216

AFFECTED PRODUCTS

vendor: cisco // model: identity services engine software // scope: eq // version: 1.0

Trust: 1.6

vendor: cisco // model: identity services engine software // scope: eq // version: 1.1

Trust: 1.6

vendor: cisco // model: identity services engine software // scope: lte // version: 1.2

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: lte // version: 1.2(.1 patch 2)

Trust: 0.8

vendor: cisco // model: identity services engine software // scope: eq // version: 1.2

Trust: 0.6

sources: JVNDB: JVNDB-2014-002650 // CNNVD: CNNVD-201405-476 // NVD: CVE-2014-3276

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3276
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3276
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201405-476
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71216
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3276
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71216
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71216 // JVNDB: JVNDB-2014-002650 // CNNVD: CNNVD-201405-476 // NVD: CVE-2014-3276

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.1

problemtype:CWE-DesignError

Trust: 0.8

sources: VULHUB: VHN-71216 // JVNDB: JVNDB-2014-002650 // NVD: CVE-2014-3276

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-476

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201405-476

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002650

PATCH

title: Cisco ISE RADIUS Service Denial of Service Vulnerability // url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276

Trust: 0.8

title: 34329 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=34329

Trust: 0.8

sources: JVNDB: JVNDB-2014-002650

EXTERNAL IDS

db: NVD // id: CVE-2014-3276

Trust: 2.8

db: SECTRACK // id: 1030274

Trust: 1.1

db: JVNDB // id: JVNDB-2014-002650

Trust: 0.8

db: CNNVD // id: CNNVD-201405-476

Trust: 0.7

db: CISCO // id: 20140521 CISCO ISE RADIUS SERVICE DENIAL OF SERVICE VULNERABILITY

Trust: 0.6

db: BID // id: 67556

Trust: 0.4

db: VULHUB // id: VHN-71216

Trust: 0.1

sources: VULHUB: VHN-71216 // BID: 67556 // JVNDB: JVNDB-2014-002650 // CNNVD: CNNVD-201405-476 // NVD: CVE-2014-3276

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3276

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=34329

Trust: 1.7

url:http://www.securitytracker.com/id/1030274

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3276

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3276

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-71216 // BID: 67556 // JVNDB: JVNDB-2014-002650 // CNNVD: CNNVD-201405-476 // NVD: CVE-2014-3276

CREDITS

Cisco

Trust: 0.3

sources: BID: 67556

SOURCES

db: VULHUB // id: VHN-71216
db: BID // id: 67556
db: JVNDB // id: JVNDB-2014-002650
db: CNNVD // id: CNNVD-201405-476
db: NVD // id: CVE-2014-3276

LAST UPDATE DATE

2024-11-23T22:31:19.663000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-71216 // date: 2016-09-07T00:00:00
db: BID // id: 67556 // date: 2014-05-21T00:00:00
db: JVNDB // id: JVNDB-2014-002650 // date: 2014-05-28T00:00:00
db: CNNVD // id: CNNVD-201405-476 // date: 2014-05-28T00:00:00
db: NVD // id: CVE-2014-3276 // date: 2024-11-21T02:07:46.573

SOURCES RELEASE DATE

db: VULHUB // id: VHN-71216 // date: 2014-05-26T00:00:00
db: BID // id: 67556 // date: 2014-05-21T00:00:00
db: JVNDB // id: JVNDB-2014-002650 // date: 2014-05-28T00:00:00
db: CNNVD // id: CNNVD-201405-476 // date: 2014-05-28T00:00:00
db: NVD // id: CVE-2014-3276 // date: 2014-05-26T00:25:31.470