Details of VAR-201407-0390

ID

VAR-201407-0390

CVE

CVE-2014-3328

TITLE

Cisco Unified Presence Server of Intercluster Sync Agent Service Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-003592

DESCRIPTION

The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125. Vendors have confirmed this vulnerability Bug ID CSCun34125 It is released as. Supplementary information : CWE Vulnerability type by CWE-400: Uncontrolled Resource Consumption ( Resource depletion ) Has been identified. http://cwe.mitre.org/data/definitions/400.htmlBy a third party TCP SYN Service disruption via flood (DoS) There is a possibility of being put into a state. This component is responsible for collecting the user's availability status and communication capability information

Trust: 2.07

sources: NVD: CVE-2014-3328 // JVNDB: JVNDB-2014-003592 // BID: 68901 // VULHUB: VHN-71268 // VULMON: CVE-2014-3328

AFFECTED PRODUCTS

vendor:	cisco	model:	unified presence server	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified presence server	scope:	eq	version:	10.0(1)	Trust: 0.8
vendor:	cisco	model:	unified presence server	scope:	-	version:	-	Trust: 0.6

sources: JVNDB: JVNDB-2014-003592 // CNNVD: CNNVD-201407-630 // NVD: CVE-2014-3328

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3328
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3328
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201407-630
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71268
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-3328
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3328
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-71268
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71268 // VULMON: CVE-2014-3328 // JVNDB: JVNDB-2014-003592 // CNNVD: CNNVD-201407-630 // NVD: CVE-2014-3328

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-71268 // JVNDB: JVNDB-2014-003592 // NVD: CVE-2014-3328

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-630

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 68901

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003592

PATCH

title:	Cisco Unified Presence Server Sync Agent Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328	Trust: 0.8
title:	35052	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35052	Trust: 0.8
title:	Cisco: Cisco Unified Presence Server Sync Agent Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20140728-CVE-2014-3328	Trust: 0.1

sources: VULMON: CVE-2014-3328 // JVNDB: JVNDB-2014-003592

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3328	Trust: 2.9
db:	BID	id:	68901	Trust: 1.5
db:	SECTRACK	id:	1030643	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-003592	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-630	Trust: 0.7
db:	VULHUB	id:	VHN-71268	Trust: 0.1
db:	VULMON	id:	CVE-2014-3328	Trust: 0.1

sources: VULHUB: VHN-71268 // VULMON: CVE-2014-3328 // BID: 68901 // JVNDB: JVNDB-2014-003592 // CNNVD: CNNVD-201407-630 // NVD: CVE-2014-3328

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3328	Trust: 1.8
url:	http://www.securityfocus.com/bid/68901	Trust: 1.2
url:	http://www.securitytracker.com/id/1030643	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/94879	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3328	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3328	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140728-cve-2014-3328	Trust: 0.1

sources: VULHUB: VHN-71268 // VULMON: CVE-2014-3328 // BID: 68901 // JVNDB: JVNDB-2014-003592 // CNNVD: CNNVD-201407-630 // NVD: CVE-2014-3328

CREDITS

Cisco

Trust: 0.3

sources: BID: 68901

SOURCES

db:	VULHUB	id:	VHN-71268
db:	VULMON	id:	CVE-2014-3328
db:	BID	id:	68901
db:	JVNDB	id:	JVNDB-2014-003592
db:	CNNVD	id:	CNNVD-201407-630
db:	NVD	id:	CVE-2014-3328

LAST UPDATE DATE

2024-11-23T22:52:51.538000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71268	date:	2017-08-29T00:00:00
db:	VULMON	id:	CVE-2014-3328	date:	2017-08-29T00:00:00
db:	BID	id:	68901	date:	2014-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-003592	date:	2014-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201407-630	date:	2014-07-29T00:00:00
db:	NVD	id:	CVE-2014-3328	date:	2024-11-21T02:07:52.583

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71268	date:	2014-07-26T00:00:00
db:	VULMON	id:	CVE-2014-3328	date:	2014-07-26T00:00:00
db:	BID	id:	68901	date:	2014-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-003592	date:	2014-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201407-630	date:	2014-07-29T00:00:00
db:	NVD	id:	CVE-2014-3328	date:	2014-07-26T11:11:57.270