Details of VAR-201405-0365

ID

VAR-201405-0365

CVE

CVE-2014-3270

TITLE

Cisco IOS XR of DHCPv6 Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002554

DESCRIPTION

The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Attackers can exploit this issue to cause the affected device to hang, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCul80924

Trust: 2.52

sources: NVD: CVE-2014-3270 // JVNDB: JVNDB-2014-002554 // CNVD: CNVD-2014-03191 // BID: 67492 // VULHUB: VHN-71210

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-03191

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	lte	version:	4.3(.2)	Trust: 0.8
vendor:	cisco	model:	ios software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xr	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-03191 // JVNDB: JVNDB-2014-002554 // CNNVD: CNNVD-201405-388 // NVD: CVE-2014-3270

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3270
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3270
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-03191
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201405-388
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71210
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3270
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-03191
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71210
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-03191 // VULHUB: VHN-71210 // JVNDB: JVNDB-2014-002554 // CNNVD: CNNVD-201405-388 // NVD: CVE-2014-3270

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-71210 // JVNDB: JVNDB-2014-002554 // NVD: CVE-2014-3270

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-388

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201405-388

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002554

PATCH

title:	Cisco IOS XR Software DHCP Version 6 Process Hang Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3270	Trust: 0.8
title:	34288	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34288	Trust: 0.8
title:	Patch for Cisco IOS XR Software DHCPv6 Message Request Handling Denial of Service Vulnerability (CNVD-2014-03191)	url:	https://www.cnvd.org.cn/patchInfo/show/45841	Trust: 0.6

sources: CNVD: CNVD-2014-03191 // JVNDB: JVNDB-2014-002554

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3270	Trust: 3.4
db:	SECTRACK	id:	1030259	Trust: 1.1
db:	BID	id:	67492	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-002554	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-388	Trust: 0.7
db:	CNVD	id:	CNVD-2014-03191	Trust: 0.6
db:	CISCO	id:	20140519 CISCO IOS XR SOFTWARE DHCP VERSION 6 PROCESS HANG VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-71210	Trust: 0.1

sources: CNVD: CNVD-2014-03191 // VULHUB: VHN-71210 // BID: 67492 // JVNDB: JVNDB-2014-002554 // CNNVD: CNNVD-201405-388 // NVD: CVE-2014-3270

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3270	Trust: 2.3
url:	http://www.securitytracker.com/id/1030259	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3270	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3270	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-03191 // VULHUB: VHN-71210 // BID: 67492 // JVNDB: JVNDB-2014-002554 // CNNVD: CNNVD-201405-388 // NVD: CVE-2014-3270

CREDITS

Cisco

Trust: 0.3

sources: BID: 67492

SOURCES

db:	CNVD	id:	CNVD-2014-03191
db:	VULHUB	id:	VHN-71210
db:	BID	id:	67492
db:	JVNDB	id:	JVNDB-2014-002554
db:	CNNVD	id:	CNNVD-201405-388
db:	NVD	id:	CVE-2014-3270

LAST UPDATE DATE

2024-11-23T22:59:40.811000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03191	date:	2014-05-23T00:00:00
db:	VULHUB	id:	VHN-71210	date:	2016-09-07T00:00:00
db:	BID	id:	67492	date:	2014-05-21T01:03:00
db:	JVNDB	id:	JVNDB-2014-002554	date:	2014-05-21T00:00:00
db:	CNNVD	id:	CNNVD-201405-388	date:	2014-05-23T00:00:00
db:	NVD	id:	CVE-2014-3270	date:	2024-11-21T02:07:45.890

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-03191	date:	2014-05-23T00:00:00
db:	VULHUB	id:	VHN-71210	date:	2014-05-20T00:00:00
db:	BID	id:	67492	date:	2014-05-19T00:00:00
db:	JVNDB	id:	JVNDB-2014-002554	date:	2014-05-21T00:00:00
db:	CNNVD	id:	CNNVD-201405-388	date:	2014-05-23T00:00:00
db:	NVD	id:	CVE-2014-3270	date:	2014-05-20T11:13:38.203