Details of VAR-201405-0357

ID

VAR-201405-0357

CVE

CVE-2014-3262

TITLE

Cisco IOS and IOS XE of Locator/ID Separation Protocol Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002525

DESCRIPTION

The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782. Vendors have confirmed this vulnerability Bug ID CSCun73782 It is released as.Service disruption by a third party via a malformed message (CEF Stop and packet drop ) There is a possibility of being put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS/OS XE has a security vulnerability in handling LISP control messages. An attacker can exploit this issue to cause an affected device to disable, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCun73782

Trust: 2.52

sources: NVD: CVE-2014-3262 // JVNDB: JVNDB-2014-002525 // CNVD: CNVD-2014-03083 // BID: 67399 // VULHUB: VHN-71202

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-03083

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.3s	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3m	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)m	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	ios	scope:	lte	version:	15.3\(3\)s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	lte	version:	15.3(3)s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios 15.3 s	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)s	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2014-03083 // BID: 67399 // JVNDB: JVNDB-2014-002525 // CNNVD: CNNVD-201405-292 // NVD: CVE-2014-3262

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3262
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3262
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-03083
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201405-292
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71202
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3262
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-03083
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71202
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-03083 // VULHUB: VHN-71202 // JVNDB: JVNDB-2014-002525 // CNNVD: CNNVD-201405-292 // NVD: CVE-2014-3262

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-71202 // JVNDB: JVNDB-2014-002525 // NVD: CVE-2014-3262

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-292

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201405-292

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002525

PATCH

title:	Cisco IOS Software and IOS XE Software LISP Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3262	Trust: 0.8
title:	34233	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34233	Trust: 0.8
title:	Patch for Cisco IOS/OS XE Software LISP Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/45692	Trust: 0.6

sources: CNVD: CNVD-2014-03083 // JVNDB: JVNDB-2014-002525

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3262	Trust: 3.4
db:	SECTRACK	id:	1030243	Trust: 1.1
db:	BID	id:	67399	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-002525	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-292	Trust: 0.7
db:	CNVD	id:	CNVD-2014-03083	Trust: 0.6
db:	CISCO	id:	20140514 CISCO IOS SOFTWARE AND IOS XE SOFTWARE LISP DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-71202	Trust: 0.1

sources: CNVD: CNVD-2014-03083 // VULHUB: VHN-71202 // BID: 67399 // JVNDB: JVNDB-2014-002525 // CNNVD: CNNVD-201405-292 // NVD: CVE-2014-3262

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34233	Trust: 2.3
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3262	Trust: 1.7
url:	http://www.securitytracker.com/id/1030243	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3262	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3262	Trust: 0.8
url:	http://www.cisco.com/public/sw-center/sw-ios.shtml	Trust: 0.3

sources: CNVD: CNVD-2014-03083 // VULHUB: VHN-71202 // BID: 67399 // JVNDB: JVNDB-2014-002525 // CNNVD: CNNVD-201405-292 // NVD: CVE-2014-3262

CREDITS

Cisco

Trust: 0.3

sources: BID: 67399

SOURCES

db:	CNVD	id:	CNVD-2014-03083
db:	VULHUB	id:	VHN-71202
db:	BID	id:	67399
db:	JVNDB	id:	JVNDB-2014-002525
db:	CNNVD	id:	CNNVD-201405-292
db:	NVD	id:	CVE-2014-3262

LAST UPDATE DATE

2024-11-23T22:13:43.053000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03083	date:	2014-05-20T00:00:00
db:	VULHUB	id:	VHN-71202	date:	2016-09-07T00:00:00
db:	BID	id:	67399	date:	2014-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2014-002525	date:	2014-05-19T00:00:00
db:	CNNVD	id:	CNNVD-201405-292	date:	2014-05-19T00:00:00
db:	NVD	id:	CVE-2014-3262	date:	2024-11-21T02:07:45

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-03083	date:	2014-05-19T00:00:00
db:	VULHUB	id:	VHN-71202	date:	2014-05-16T00:00:00
db:	BID	id:	67399	date:	2014-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2014-002525	date:	2014-05-19T00:00:00
db:	CNNVD	id:	CNNVD-201405-292	date:	2014-05-19T00:00:00
db:	NVD	id:	CVE-2014-3262	date:	2014-05-16T11:12:01.040