Details of VAR-201409-0402

ID

VAR-201409-0402

CVE

CVE-2014-3379

TITLE

Cisco IOS XR Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2014-06162 // CNNVD: CNNVD-201409-744

DESCRIPTION

Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCuq10466. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This issue is being tracked by Cisco Bug ID CSCuq10466

Trust: 2.52

sources: NVD: CVE-2014-3379 // JVNDB: JVNDB-2014-004365 // CNVD: CNVD-2014-06162 // BID: 69960 // VULHUB: VHN-71319

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-06162

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	eq	version:	4.1.2	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	2.0	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.0	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.2.0	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.1	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.3.1	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	5.1.0	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.3.4	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.3.0	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.3.2	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.50	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.3	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.3.2	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.4	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.6.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.3	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.3.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.5.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.4	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.7.2	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.8.4	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.4.2	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.5.3	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.8.2	Trust: 1.0
vendor:	cisco	model:	network convergence system 6000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.5.4	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.8.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.3.4	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.9.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.7	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.4	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.4.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.7.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.8.0	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.5	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.6.2	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.6.3	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.6	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.7.3	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.3.5	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.2	Trust: 1.0
vendor:	cisco	model:	network convergence system 6008	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.5.2	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.8.3	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.4.3	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.9.2	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.9.0	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.3.3	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	lte	version:	5.1	Trust: 0.8
vendor:	cisco	model:	network convergence system 6000 series router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	network convergence system 6008 single chassis	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xr	scope:	lte	version:	<=5.1	Trust: 0.6
vendor:	cisco	model:	ios xr software	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2014-06162 // BID: 69960 // JVNDB: JVNDB-2014-004365 // CNNVD: CNNVD-201409-744 // NVD: CVE-2014-3379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3379
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3379
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-06162
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201409-744
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71319
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3379
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-06162
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71319
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-06162 // VULHUB: VHN-71319 // JVNDB: JVNDB-2014-004365 // CNNVD: CNNVD-201409-744 // NVD: CVE-2014-3379

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-71319 // JVNDB: JVNDB-2014-004365 // NVD: CVE-2014-3379

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201409-744

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201409-744

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004365

PATCH

title:	Cisco IOS XR Software Malformed MPLS Packet Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3379	Trust: 0.8
title:	35776	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35776	Trust: 0.8
title:	Patch for Cisco IOS XR Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/50217	Trust: 0.6

sources: CNVD: CNVD-2014-06162 // JVNDB: JVNDB-2014-004365

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3379	Trust: 3.4
db:	BID	id:	69960	Trust: 1.4
db:	SECTRACK	id:	1030878	Trust: 1.1
db:	SECUNIA	id:	61372	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004365	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-744	Trust: 0.7
db:	CNVD	id:	CNVD-2014-06162	Trust: 0.6
db:	VULHUB	id:	VHN-71319	Trust: 0.1

sources: CNVD: CNVD-2014-06162 // VULHUB: VHN-71319 // BID: 69960 // JVNDB: JVNDB-2014-004365 // CNNVD: CNNVD-201409-744 // NVD: CVE-2014-3379

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3379	Trust: 2.6
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35776	Trust: 1.7
url:	http://www.securityfocus.com/bid/69960	Trust: 1.1
url:	http://www.securitytracker.com/id/1030878	Trust: 1.1
url:	http://secunia.com/advisories/61372	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/96068	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3379	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3379	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps5845/index.html	Trust: 0.3

sources: CNVD: CNVD-2014-06162 // VULHUB: VHN-71319 // BID: 69960 // JVNDB: JVNDB-2014-004365 // CNNVD: CNNVD-201409-744 // NVD: CVE-2014-3379

CREDITS

Cisco

Trust: 0.3

sources: BID: 69960

SOURCES

db:	CNVD	id:	CNVD-2014-06162
db:	VULHUB	id:	VHN-71319
db:	BID	id:	69960
db:	JVNDB	id:	JVNDB-2014-004365
db:	CNNVD	id:	CNNVD-201409-744
db:	NVD	id:	CVE-2014-3379

LAST UPDATE DATE

2024-11-23T22:13:39.878000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-06162	date:	2014-09-23T00:00:00
db:	VULHUB	id:	VHN-71319	date:	2017-08-29T00:00:00
db:	BID	id:	69960	date:	2014-09-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-004365	date:	2014-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201409-744	date:	2014-09-22T00:00:00
db:	NVD	id:	CVE-2014-3379	date:	2024-11-21T02:07:58.547

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-06162	date:	2014-09-23T00:00:00
db:	VULHUB	id:	VHN-71319	date:	2014-09-20T00:00:00
db:	BID	id:	69960	date:	2014-09-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-004365	date:	2014-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201409-744	date:	2014-09-22T00:00:00
db:	NVD	id:	CVE-2014-3379	date:	2014-09-20T10:55:05.027