ID

VAR-201409-0397


CVE

CVE-2014-3343


TITLE

Cisco IOS XR Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004130

DESCRIPTION

Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052. Cisco IOS XR is a member of the Cisco IOS Software family that uses a microkernel-based operating system architecture. Attackers can exploit this issue to cause the affected device to crash, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuo59052

Trust: 2.52

sources: NVD: CVE-2014-3343 // JVNDB: JVNDB-2014-004130 // CNVD: CNVD-2014-05598 // BID: 69667 // VULHUB: VHN-71283

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-05598

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:eqversion:5.1.0

Trust: 1.6

vendor:ciscomodel:ios xrscope:eqversion:5.1

Trust: 0.8

vendor:ciscomodel:ios xrscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2014-05598 // JVNDB: JVNDB-2014-004130 // CNNVD: CNNVD-201409-447 // NVD: CVE-2014-3343

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3343
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3343
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-05598
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201409-447
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71283
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3343
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-05598
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71283
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-05598 // VULHUB: VHN-71283 // JVNDB: JVNDB-2014-004130 // CNNVD: CNNVD-201409-447 // NVD: CVE-2014-3343

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-71283 // JVNDB: JVNDB-2014-004130 // NVD: CVE-2014-3343

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-447

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201409-447

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004130

PATCH

title:Cisco IOS XR Software DHCPv6 Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3343

Trust: 0.8

title:35651url:http://tools.cisco.com/security/center/viewAlert.x?alertId=35651

Trust: 0.8

title:Cisco IOS XR Software DHCPv6 Packet Handling Patch for Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/49928

Trust: 0.6

sources: CNVD: CNVD-2014-05598 // JVNDB: JVNDB-2014-004130

EXTERNAL IDS

db:NVDid:CVE-2014-3343

Trust: 3.4

db:BIDid:69667

Trust: 2.0

db:SECUNIAid:60122

Trust: 1.1

db:SECTRACKid:1030816

Trust: 1.1

db:JVNDBid:JVNDB-2014-004130

Trust: 0.8

db:CNNVDid:CNNVD-201409-447

Trust: 0.7

db:CNVDid:CNVD-2014-05598

Trust: 0.6

db:NSFOCUSid:27762

Trust: 0.6

db:VULHUBid:VHN-71283

Trust: 0.1

sources: CNVD: CNVD-2014-05598 // VULHUB: VHN-71283 // BID: 69667 // JVNDB: JVNDB-2014-004130 // CNNVD: CNNVD-201409-447 // NVD: CVE-2014-3343

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3343

Trust: 2.3

url:http://www.securityfocus.com/bid/69667

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=35651

Trust: 1.7

url:http://www.securitytracker.com/id/1030816

Trust: 1.1

url:http://secunia.com/advisories/60122

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95781

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3343

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3343

Trust: 0.8

url:http://www.nsfocus.net/vulndb/27762

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2014-05598 // VULHUB: VHN-71283 // BID: 69667 // JVNDB: JVNDB-2014-004130 // CNNVD: CNNVD-201409-447 // NVD: CVE-2014-3343

CREDITS

Cisco

Trust: 0.3

sources: BID: 69667

SOURCES

db:CNVDid:CNVD-2014-05598
db:VULHUBid:VHN-71283
db:BIDid:69667
db:JVNDBid:JVNDB-2014-004130
db:CNNVDid:CNNVD-201409-447
db:NVDid:CVE-2014-3343

LAST UPDATE DATE

2024-11-23T22:38:56.420000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-05598date:2014-09-12T00:00:00
db:VULHUBid:VHN-71283date:2017-08-29T00:00:00
db:BIDid:69667date:2014-09-08T00:00:00
db:JVNDBid:JVNDB-2014-004130date:2014-09-11T00:00:00
db:CNNVDid:CNNVD-201409-447date:2014-09-12T00:00:00
db:NVDid:CVE-2014-3343date:2024-11-21T02:07:54.307

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-05598date:2014-09-12T00:00:00
db:VULHUBid:VHN-71283date:2014-09-10T00:00:00
db:BIDid:69667date:2014-09-08T00:00:00
db:JVNDBid:JVNDB-2014-004130date:2014-09-11T00:00:00
db:CNNVDid:CNNVD-201409-447date:2014-09-12T00:00:00
db:NVDid:CVE-2014-3343date:2014-09-10T10:55:07.833