Details of VAR-201409-0396

ID

VAR-201409-0396

CVE

CVE-2014-3342

TITLE

Cisco IOS XR Software Command Line Interface (CLI) Information Disclosure Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-05709 // BID: 69735

DESCRIPTION

The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. Cisco IOS XR is a member of the Cisco IOS Software family that uses a microkernel-based operating system architecture. This issue is tracked by Cisco Bug IDs CSCuq42336, CSCuq76853, CSCuq76873 and CSCuq45383

Trust: 2.52

sources: NVD: CVE-2014-3342 // JVNDB: JVNDB-2014-004173 // CNVD: CNVD-2014-05709 // BID: 69735 // VULHUB: VHN-71282

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-05709

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	cli	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ios command-line interface	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	cli	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-05709 // JVNDB: JVNDB-2014-004173 // CNNVD: CNNVD-201409-498 // NVD: CVE-2014-3342

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3342
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3342
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-05709
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201409-498
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71282
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3342
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-05709
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71282
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-05709 // VULHUB: VHN-71282 // JVNDB: JVNDB-2014-004173 // CNNVD: CNNVD-201409-498 // NVD: CVE-2014-3342

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-3342

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-498

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201409-498

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004173

PATCH

title:	Cisco IOS XR Software Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3342	Trust: 0.8
title:	35675	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35675	Trust: 0.8

sources: JVNDB: JVNDB-2014-004173

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3342	Trust: 3.4
db:	BID	id:	69735	Trust: 2.0
db:	JVNDB	id:	JVNDB-2014-004173	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-498	Trust: 0.7
db:	CNVD	id:	CNVD-2014-05709	Trust: 0.6
db:	VULHUB	id:	VHN-71282	Trust: 0.1

sources: CNVD: CNVD-2014-05709 // VULHUB: VHN-71282 // BID: 69735 // JVNDB: JVNDB-2014-004173 // CNNVD: CNNVD-201409-498 // NVD: CVE-2014-3342

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3342	Trust: 2.3
url:	http://www.securityfocus.com/bid/69735	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/95884	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3342	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3342	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-05709 // VULHUB: VHN-71282 // BID: 69735 // JVNDB: JVNDB-2014-004173 // CNNVD: CNNVD-201409-498 // NVD: CVE-2014-3342

CREDITS

Cisco

Trust: 0.3

sources: BID: 69735

SOURCES

db:	CNVD	id:	CNVD-2014-05709
db:	VULHUB	id:	VHN-71282
db:	BID	id:	69735
db:	JVNDB	id:	JVNDB-2014-004173
db:	CNNVD	id:	CNNVD-201409-498
db:	NVD	id:	CVE-2014-3342

LAST UPDATE DATE

2024-11-23T22:02:02.970000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-05709	date:	2014-09-15T00:00:00
db:	VULHUB	id:	VHN-71282	date:	2017-08-29T00:00:00
db:	BID	id:	69735	date:	2014-09-16T05:56:00
db:	JVNDB	id:	JVNDB-2014-004173	date:	2014-09-16T00:00:00
db:	CNNVD	id:	CNNVD-201409-498	date:	2014-09-15T00:00:00
db:	NVD	id:	CVE-2014-3342	date:	2024-11-21T02:07:54.187

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-05709	date:	2014-09-15T00:00:00
db:	VULHUB	id:	VHN-71282	date:	2014-09-12T00:00:00
db:	BID	id:	69735	date:	2014-09-10T00:00:00
db:	JVNDB	id:	JVNDB-2014-004173	date:	2014-09-16T00:00:00
db:	CNNVD	id:	CNNVD-201409-498	date:	2014-09-15T00:00:00
db:	NVD	id:	CVE-2014-3342	date:	2014-09-12T01:55:06.967