Details of VAR-201408-0153

ID

VAR-201408-0153

CVE

CVE-2014-3327

TITLE

Cisco IOS and IOS XE of EnergyWise Service disruption in modules (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-003733

DESCRIPTION

The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This issue is being tracked by Cisco Bug ID CSCup52101. https://tools.cisco.com/bugsearch/bug/CSCup52101

Trust: 2.52

sources: NVD: CVE-2014-3327 // JVNDB: JVNDB-2014-003733 // CNVD: CNVD-2014-04856 // BID: 69066 // VULHUB: VHN-71267

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-04856

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 2.4
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 2.4
vendor:	cisco	model:	ios	scope:	eq	version:	15.4	Trust: 2.4
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 1.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 1.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0sg	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0xo	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.3sg	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.4sg	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1sg	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.2sg	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.00.xo.15.0\(2\)xo	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.0e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.2e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.1sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.xxo	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.xsg	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.5.xe	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.3e	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.xsg	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.0se	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 se1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2se	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ez	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ey	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ex	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 se1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 se	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 ey2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 ey	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 ex3	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-04856 // BID: 69066 // JVNDB: JVNDB-2014-003733 // CNNVD: CNNVD-201408-098 // NVD: CVE-2014-3327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3327
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3327
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-04856
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201408-098
value:	HIGH
Trust: 0.6
VULHUB:	VHN-71267
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3327
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-04856
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71267
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-04856 // VULHUB: VHN-71267 // JVNDB: JVNDB-2014-003733 // CNNVD: CNNVD-201408-098 // NVD: CVE-2014-3327

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-71267 // JVNDB: JVNDB-2014-003733 // NVD: CVE-2014-3327

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-098

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201408-098

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003733

PATCH

title:	34962	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34962	Trust: 0.8
title:	cisco-sa-20140806-energywise	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise	Trust: 0.8
title:	35091	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35091	Trust: 0.8
title:	cisco-sa-20140806-energywise	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122821_cisco-sa-20140806-energywise-j.html	Trust: 0.8
title:	Patch for Cisco IOS and IOS XE Software Denial of Service Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/48418	Trust: 0.6

sources: CNVD: CNVD-2014-04856 // JVNDB: JVNDB-2014-003733

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3327	Trust: 3.4
db:	BID	id:	69066	Trust: 2.6
db:	SECUNIA	id:	60650	Trust: 1.7
db:	SECTRACK	id:	1030682	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-003733	Trust: 0.8
db:	CNNVD	id:	CNNVD-201408-098	Trust: 0.7
db:	OSVDB	id:	109861	Trust: 0.6
db:	CNVD	id:	CNVD-2014-04856	Trust: 0.6
db:	VULHUB	id:	VHN-71267	Trust: 0.1

sources: CNVD: CNVD-2014-04856 // VULHUB: VHN-71267 // BID: 69066 // JVNDB: JVNDB-2014-003733 // CNNVD: CNNVD-201408-098 // NVD: CVE-2014-3327

REFERENCES

url:	http://www.securityfocus.com/bid/69066	Trust: 2.3
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140806-energywise	Trust: 2.3
url:	http://secunia.com/advisories/60650	Trust: 1.7
url:	http://www.securitytracker.com/id/1030682	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/95137	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3327	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3327	Trust: 0.8
url:	http://osvdb.com/show/osvdb/109861	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3
url:	www.cisco.com	Trust: 0.3

sources: CNVD: CNVD-2014-04856 // VULHUB: VHN-71267 // BID: 69066 // JVNDB: JVNDB-2014-003733 // CNNVD: CNNVD-201408-098 // NVD: CVE-2014-3327

CREDITS

Cisco

Trust: 0.9

sources: BID: 69066 // CNNVD: CNNVD-201408-098

SOURCES

db:	CNVD	id:	CNVD-2014-04856
db:	VULHUB	id:	VHN-71267
db:	BID	id:	69066
db:	JVNDB	id:	JVNDB-2014-003733
db:	CNNVD	id:	CNNVD-201408-098
db:	NVD	id:	CVE-2014-3327

LAST UPDATE DATE

2024-11-23T23:02:44.508000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-04856	date:	2014-08-08T00:00:00
db:	VULHUB	id:	VHN-71267	date:	2017-08-29T00:00:00
db:	BID	id:	69066	date:	2014-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-003733	date:	2014-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201408-098	date:	2014-08-12T00:00:00
db:	NVD	id:	CVE-2014-3327	date:	2024-11-21T02:07:52.463

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-04856	date:	2014-08-08T00:00:00
db:	VULHUB	id:	VHN-71267	date:	2014-08-11T00:00:00
db:	BID	id:	69066	date:	2014-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-003733	date:	2014-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201408-098	date:	2014-08-08T00:00:00
db:	NVD	id:	CVE-2014-3327	date:	2014-08-11T22:55:04.617