Details of VAR-201405-0359

ID

VAR-201405-0359

CVE

CVE-2014-3264

TITLE

Cisco Adaptive Security Appliance Service disruption in software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002550

DESCRIPTION

Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug ID CSCun69561. Cisco ASA Software is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected system to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCun69561

Trust: 1.98

sources: NVD: CVE-2014-3264 // JVNDB: JVNDB-2014-002550 // BID: 67547 // VULHUB: VHN-71204

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	9.1\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	9.1(.5)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(5.28\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(3\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6\(1.3\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7\(1.1\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(5\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(2\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(5.31\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(4\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.15	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.14.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.13.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.13	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.12.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.12	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.11.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.14.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.14.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.14	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.13.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.13	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.12.10	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.12	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.56	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.49	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.45	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.43	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.41	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.39	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.38	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.28	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.13	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.13.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.13	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.12	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.10	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.15	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1.11	Trust: 0.3

sources: BID: 67547 // JVNDB: JVNDB-2014-002550 // CNNVD: CNNVD-201405-384 // NVD: CVE-2014-3264

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3264
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3264
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201405-384
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71204
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3264
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71204
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71204 // JVNDB: JVNDB-2014-002550 // CNNVD: CNNVD-201405-384 // NVD: CVE-2014-3264

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-71204 // JVNDB: JVNDB-2014-002550 // NVD: CVE-2014-3264

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-384

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201405-384

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002550

PATCH

title:	Cisco ASA Crafter RADIUS Packets Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3264	Trust: 0.8
title:	34273	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34273	Trust: 0.8
title:	Cisco ASA Software Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194623	Trust: 0.6

sources: JVNDB: JVNDB-2014-002550 // CNNVD: CNNVD-201405-384

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3264	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-002550	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-384	Trust: 0.7
db:	BID	id:	67547	Trust: 0.4
db:	VULHUB	id:	VHN-71204	Trust: 0.1

sources: VULHUB: VHN-71204 // BID: 67547 // JVNDB: JVNDB-2014-002550 // CNNVD: CNNVD-201405-384 // NVD: CVE-2014-3264

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3264	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34273	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3264	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3264	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps6120/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-71204 // BID: 67547 // JVNDB: JVNDB-2014-002550 // CNNVD: CNNVD-201405-384 // NVD: CVE-2014-3264

CREDITS

Cisco

Trust: 0.3

sources: BID: 67547

SOURCES

db:	VULHUB	id:	VHN-71204
db:	BID	id:	67547
db:	JVNDB	id:	JVNDB-2014-002550
db:	CNNVD	id:	CNNVD-201405-384
db:	NVD	id:	CVE-2014-3264

LAST UPDATE DATE

2024-11-23T22:13:43.022000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71204	date:	2014-05-20T00:00:00
db:	BID	id:	67547	date:	2014-05-19T00:00:00
db:	JVNDB	id:	JVNDB-2014-002550	date:	2014-05-21T00:00:00
db:	CNNVD	id:	CNNVD-201405-384	date:	2022-06-06T00:00:00
db:	NVD	id:	CVE-2014-3264	date:	2024-11-21T02:07:45.217

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71204	date:	2014-05-20T00:00:00
db:	BID	id:	67547	date:	2014-05-19T00:00:00
db:	JVNDB	id:	JVNDB-2014-002550	date:	2014-05-21T00:00:00
db:	CNNVD	id:	CNNVD-201405-384	date:	2014-05-23T00:00:00
db:	NVD	id:	CVE-2014-3264	date:	2014-05-20T11:13:37.953