Sign-up

ID

VAR-201405-0364


CVE

CVE-2014-3269


TITLE

Cisco IOS XE of SNMP Service disruption in modules (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002553

DESCRIPTION

The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. An attacker could exploit the vulnerability to cause the affected device to reload and refuse to serve legitimate users. This issue is being tracked by Cisco Bug ID CSCug65204

Trust: 2.52

sources: NVD: CVE-2014-3269 // JVNDB: JVNDB-2014-002553 // CNVD: CNVD-2014-03095 // BID: 67459 // VULHUB: VHN-71209

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-03095

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:3.5e

Trust: 2.4

vendor:ciscomodel:ios xr softwarescope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2014-03095 // JVNDB: JVNDB-2014-002553 // CNNVD: CNNVD-201405-387 // NVD: CVE-2014-3269

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3269
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3269
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-03095
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201405-387
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71209
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3269
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-03095
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71209
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-03095 // VULHUB: VHN-71209 // JVNDB: JVNDB-2014-002553 // CNNVD: CNNVD-201405-387 // NVD: CVE-2014-3269

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-71209 // JVNDB: JVNDB-2014-002553 // NVD: CVE-2014-3269

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-387

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201405-387

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002553

PATCH
title:Cisco IOS XE Software SNMP Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3269
Trust: 0.8
title:34268url:http://tools.cisco.com/security/center/viewAlert.x?alertId=34268
Trust: 0.8
title:Patch for Cisco IOS XR Software SNMP Request Handling Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/45691
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-03095 // 
            
            
            
            JVNDB: JVNDB-2014-002553

EXTERNAL IDS
db:NVDid:CVE-2014-3269
Trust: 3.4
db:BIDid:67459
Trust: 1.0
db:JVNDBid:JVNDB-2014-002553
Trust: 0.8
db:CNNVDid:CNNVD-201405-387
Trust: 0.7
db:CNVDid:CNVD-2014-03095
Trust: 0.6
db:CISCOid:20140516 CISCO IOS XE SOFTWARE SNMP DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-71209
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-03095 // 
            
            
            
            VULHUB: VHN-71209 // 
            
            
            
            BID: 67459 // 
            
            
            
            JVNDB: JVNDB-2014-002553 // 
            
            
            
            CNNVD: CNNVD-201405-387 // 
            
            
            
            NVD: CVE-2014-3269

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3269
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=34268
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3269
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3269
Trust: 0.8
url:http://www.securityfocus.com/bid/67459
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-03095 // 
            
            
            
            VULHUB: VHN-71209 // 
            
            
            
            BID: 67459 // 
            
            
            
            JVNDB: JVNDB-2014-002553 // 
            
            
            
            CNNVD: CNNVD-201405-387 // 
            
            
            
            NVD: CVE-2014-3269

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 67459

SOURCES
db:CNVDid:CNVD-2014-03095
db:VULHUBid:VHN-71209
db:BIDid:67459
db:JVNDBid:JVNDB-2014-002553
db:CNNVDid:CNNVD-201405-387
db:NVDid:CVE-2014-3269

LAST UPDATE DATE
2024-11-23T23:02:49.125000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-03095date:2014-05-20T00:00:00
db:VULHUBid:VHN-71209date:2014-05-20T00:00:00
db:BIDid:67459date:2014-05-21T00:42:00
db:JVNDBid:JVNDB-2014-002553date:2014-05-21T00:00:00
db:CNNVDid:CNNVD-201405-387date:2014-05-23T00:00:00
db:NVDid:CVE-2014-3269date:2024-11-21T02:07:45.790

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-03095date:2014-05-21T00:00:00
db:VULHUBid:VHN-71209date:2014-05-20T00:00:00
db:BIDid:67459date:2014-05-16T00:00:00
db:JVNDBid:JVNDB-2014-002553date:2014-05-21T00:00:00
db:CNNVDid:CNNVD-201405-387date:2014-05-23T00:00:00
db:NVDid:CVE-2014-3269date:2014-05-20T11:13:38.140