Details of VAR-201405-0366

ID

VAR-201405-0366

CVE

CVE-2014-3271

TITLE

Cisco IOS XR of DHCPv6 Denial of service in implementation (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002555

DESCRIPTION

The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Attackers can exploit this issue to cause the affected device to crash, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149

Trust: 2.52

sources: NVD: CVE-2014-3271 // JVNDB: JVNDB-2014-002555 // CNVD: CNVD-2014-03190 // BID: 67488 // VULHUB: VHN-71211

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-03190

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	5.1	Trust: 0.8
vendor:	cisco	model:	ios software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xr	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-03190 // JVNDB: JVNDB-2014-002555 // CNNVD: CNNVD-201405-389 // NVD: CVE-2014-3271

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3271
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3271
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-03190
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201405-389
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71211
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3271
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-03190
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71211
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-03190 // VULHUB: VHN-71211 // JVNDB: JVNDB-2014-002555 // CNNVD: CNNVD-201405-389 // NVD: CVE-2014-3271

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-71211 // JVNDB: JVNDB-2014-002555 // NVD: CVE-2014-3271

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-389

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201405-389

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002555

PATCH

title:	Cisco IOS XR Software DHCP Version 6 Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3271	Trust: 0.8
title:	34289	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34289	Trust: 0.8
title:	\302\240\302\240\302\240\302\240\302\240Patch for Cisco IOS XR Software DHCPv6 Message Request Handling Denial of Service Vulnerability (CNVD-2014-03190)	url:	https://www.cnvd.org.cn/patchInfo/show/45842	Trust: 0.6

sources: CNVD: CNVD-2014-03190 // JVNDB: JVNDB-2014-002555

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3271	Trust: 3.4
db:	SECTRACK	id:	1030259	Trust: 1.1
db:	BID	id:	67488	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-002555	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-389	Trust: 0.7
db:	CNVD	id:	CNVD-2014-03190	Trust: 0.6
db:	CISCO	id:	20140519 CISCO IOS XR SOFTWARE DHCP VERSION 6 DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-71211	Trust: 0.1

sources: CNVD: CNVD-2014-03190 // VULHUB: VHN-71211 // BID: 67488 // JVNDB: JVNDB-2014-002555 // CNNVD: CNNVD-201405-389 // NVD: CVE-2014-3271

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3271	Trust: 2.3
url:	http://www.securitytracker.com/id/1030259	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3271	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3271	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-03190 // VULHUB: VHN-71211 // BID: 67488 // JVNDB: JVNDB-2014-002555 // CNNVD: CNNVD-201405-389 // NVD: CVE-2014-3271

CREDITS

Cisco

Trust: 0.3

sources: BID: 67488

SOURCES

db:	CNVD	id:	CNVD-2014-03190
db:	VULHUB	id:	VHN-71211
db:	BID	id:	67488
db:	JVNDB	id:	JVNDB-2014-002555
db:	CNNVD	id:	CNNVD-201405-389
db:	NVD	id:	CVE-2014-3271

LAST UPDATE DATE

2024-11-23T22:59:40.776000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03190	date:	2014-05-23T00:00:00
db:	VULHUB	id:	VHN-71211	date:	2016-09-07T00:00:00
db:	BID	id:	67488	date:	2014-05-21T00:43:00
db:	JVNDB	id:	JVNDB-2014-002555	date:	2014-05-21T00:00:00
db:	CNNVD	id:	CNNVD-201405-389	date:	2014-05-23T00:00:00
db:	NVD	id:	CVE-2014-3271	date:	2024-11-21T02:07:46

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-03190	date:	2014-05-23T00:00:00
db:	VULHUB	id:	VHN-71211	date:	2014-05-20T00:00:00
db:	BID	id:	67488	date:	2014-05-19T00:00:00
db:	JVNDB	id:	JVNDB-2014-002555	date:	2014-05-21T00:00:00
db:	CNNVD	id:	CNNVD-201405-389	date:	2014-05-23T00:00:00
db:	NVD	id:	CVE-2014-3271	date:	2014-05-20T11:13:38.263