Details of VAR-201407-0372

ID

VAR-201407-0372

CVE

CVE-2014-3308

TITLE

Cisco IOS XR Software Static Punt Policer Denial of Service Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-04083 // BID: 68351

DESCRIPTION

Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985. Vendors have confirmed this vulnerability Bug ID CSCun83985 It is released as.A third party can send a large number of crafted packets to disrupt service operations. (CPU Resource consumption ) There is a possibility of being put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. On the Trident line card of the Cisco ASR 9000 series router, there is a security hole in the implementation of punt-police. Cisco IOS XR is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCun83985. The vulnerability stems from the lack of a static punt policer in the software

Trust: 2.52

sources: NVD: CVE-2014-3308 // JVNDB: JVNDB-2014-003228 // CNVD: CNVD-2014-04083 // BID: 68351 // VULHUB: VHN-71248

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-04083

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	asr 9000 rsp440 router	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 9001	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 9912	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 9922	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 9006	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 9904	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	asr 9010	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 9000 series rsp440	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 9001 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 9006 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 9010 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 9904 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 9912 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 9922 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xr	scope:	eq	version:	none	Trust: 0.8
vendor:	cisco	model:	ios xr	scope:	eq	version:	software 5.1	Trust: 0.8

sources: CNVD: CNVD-2014-04083 // JVNDB: JVNDB-2014-003228 // CNNVD: CNNVD-201407-180 // NVD: CVE-2014-3308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3308
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3308
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-04083
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201407-180
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71248
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3308
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-04083
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71248
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-04083 // VULHUB: VHN-71248 // JVNDB: JVNDB-2014-003228 // CNNVD: CNNVD-201407-180 // NVD: CVE-2014-3308

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-71248 // JVNDB: JVNDB-2014-003228 // NVD: CVE-2014-3308

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-180

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201407-180

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003228

PATCH

title:	Cisco IOS XR Software Punt Policer Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3308	Trust: 0.8
title:	34843	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34843	Trust: 0.8
title:	Cisco IOS XR Software Static Punt Policer Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/47170	Trust: 0.6

sources: CNVD: CNVD-2014-04083 // JVNDB: JVNDB-2014-003228

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3308	Trust: 3.4
db:	BID	id:	68351	Trust: 2.0
db:	SECTRACK	id:	1030525	Trust: 1.1
db:	SECUNIA	id:	58869	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-003228	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-180	Trust: 0.7
db:	CNVD	id:	CNVD-2014-04083	Trust: 0.6
db:	VULHUB	id:	VHN-71248	Trust: 0.1

sources: CNVD: CNVD-2014-04083 // VULHUB: VHN-71248 // BID: 68351 // JVNDB: JVNDB-2014-003228 // CNNVD: CNNVD-201407-180 // NVD: CVE-2014-3308

REFERENCES

url:	http://www.securityfocus.com/bid/68351	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3308	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34843	Trust: 1.1
url:	http://www.securitytracker.com/id/1030525	Trust: 1.1
url:	http://secunia.com/advisories/58869	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3308	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3308	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-04083 // VULHUB: VHN-71248 // BID: 68351 // JVNDB: JVNDB-2014-003228 // CNNVD: CNNVD-201407-180 // NVD: CVE-2014-3308

CREDITS

Cisco

Trust: 0.3

sources: BID: 68351

SOURCES

db:	CNVD	id:	CNVD-2014-04083
db:	VULHUB	id:	VHN-71248
db:	BID	id:	68351
db:	JVNDB	id:	JVNDB-2014-003228
db:	CNNVD	id:	CNNVD-201407-180
db:	NVD	id:	CVE-2014-3308

LAST UPDATE DATE

2024-11-23T22:42:33.371000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-04083	date:	2014-07-07T00:00:00
db:	VULHUB	id:	VHN-71248	date:	2017-01-12T00:00:00
db:	BID	id:	68351	date:	2014-07-08T15:17:00
db:	JVNDB	id:	JVNDB-2014-003228	date:	2014-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201407-180	date:	2014-07-09T00:00:00
db:	NVD	id:	CVE-2014-3308	date:	2024-11-21T02:07:50.213

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-04083	date:	2014-07-07T00:00:00
db:	VULHUB	id:	VHN-71248	date:	2014-07-07T00:00:00
db:	BID	id:	68351	date:	2014-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2014-003228	date:	2014-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201407-180	date:	2014-07-08T00:00:00
db:	NVD	id:	CVE-2014-3308	date:	2014-07-07T11:01:30.227