Details of VAR-201409-0405

ID

VAR-201409-0405

CVE

CVE-2014-3355

TITLE

Cisco IOS and IOS XE Service disruption in the metadata flow function (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004401

DESCRIPTION

The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCug75942. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This issue is being tracked by Cisco Bug ID CSCug75942. The following products and versions are affected: Cisco IOS Releases 15.1 through 15.3, IOS XE 3.3.xXO prior to 3.3.1XO, 3.6.xS and 3.7.xS prior to 3.7.6S, 3.8.xS and 3.9 prior to 3.10.1S .xS version, 3.10S version

Trust: 3.06

sources: NVD: CVE-2014-3355 // JVNDB: JVNDB-2014-004401 // CNVD: CNVD-2014-06452 // CNVD: CNVD-2014-06425 // BID: 70130 // VULHUB: VHN-71295

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2014-06452 // CNVD: CNVD-2014-06425

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7\(5\)s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7\(2\)s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3\(.0\)xo	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7\(3\)s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7\(1\)as	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7\(4\)s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7\(0\)s	Trust: 1.6
vendor:	cisco	model:	ios xe software	scope:	eq	version:	3.x	Trust: 1.2
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8\(0\)s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8\(2\)s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9\(0\)s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8\(1\)s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9\(2\)s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9\(1a\)s	Trust: 1.0
vendor:	cisco	model:	ios 15.2 t3	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 15.2 t2	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 15.2 t1	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 15.2 gc	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.1-15.3	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0-15.4	Trust: 0.6
vendor:	cisco	model:	ios 15.3 s1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.3 s	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2 t	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2 gc1	scope:	-	version:	-	Trust: 0.6
vendor:	rockwell	model:	automation stratix	scope:	eq	version:	59000	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.9s.0.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.9s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.8s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.8s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.8s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.6s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.6s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.6s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.3xo.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.10s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.10s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.10s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 t2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 s0xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 t1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2gca	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2gc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 xb10	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 s2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 m3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 m2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 m1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 gca1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 gca	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 t4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 s1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 t3a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 gc2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1sy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 sy1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 sy	scope:	-	version:	-	Trust: 0.3
vendor:	rockwell	model:	automation stratix	scope:	ne	version:	590015.6.3	Trust: 0.3

sources: CNVD: CNVD-2014-06452 // CNVD: CNVD-2014-06425 // BID: 70130 // JVNDB: JVNDB-2014-004401 // CNNVD: CNNVD-201409-958 // NVD: CVE-2014-3355

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3355
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3355
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-06452
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2014-06425
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201409-958
value:	HIGH
Trust: 0.6
VULHUB:	VHN-71295
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3355
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-06452
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2014-06425
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71295
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-06452 // CNVD: CNVD-2014-06425 // VULHUB: VHN-71295 // JVNDB: JVNDB-2014-004401 // CNNVD: CNNVD-201409-958 // NVD: CVE-2014-3355

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-71295 // JVNDB: JVNDB-2014-004401 // NVD: CVE-2014-3355

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-958

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201409-958

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004401

PATCH

title:	cisco-sa-20140924-metadata	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata	Trust: 0.8
title:	35623	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35623	Trust: 0.8
title:	Patch for Cisco IOS and IOS XE Software Denial of Service Vulnerability (CNVD-2014-06452)	url:	https://www.cnvd.org.cn/patchInfo/show/50470	Trust: 0.6
title:	Patch for Cisco IOS and IOS XE Software Denial of Service Vulnerability (CNVD-2014-06425)	url:	https://www.cnvd.org.cn/patchInfo/show/50448	Trust: 0.6

sources: CNVD: CNVD-2014-06452 // CNVD: CNVD-2014-06425 // JVNDB: JVNDB-2014-004401

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3355	Trust: 4.0
db:	BID	id:	70130	Trust: 2.0
db:	SECTRACK	id:	1030894	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004401	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-958	Trust: 0.7
db:	CNVD	id:	CNVD-2014-06452	Trust: 0.6
db:	CNVD	id:	CNVD-2014-06425	Trust: 0.6
db:	ICS CERT	id:	ICSA-17-094-04	Trust: 0.3
db:	VULHUB	id:	VHN-71295	Trust: 0.1

sources: CNVD: CNVD-2014-06452 // CNVD: CNVD-2014-06425 // VULHUB: VHN-71295 // BID: 70130 // JVNDB: JVNDB-2014-004401 // CNNVD: CNNVD-201409-958 // NVD: CVE-2014-3355

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140924-metadata	Trust: 2.0
url:	http://www.securityfocus.com/bid/70130	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140924-metadata/cvrf/cisco-sa-20140924-metadata_cvrf.xml	Trust: 1.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3355	Trust: 1.4
url:	http://www.securitytracker.com/id/1030894	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/96175	Trust: 1.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35623	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3355	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-094-04	Trust: 0.3

sources: CNVD: CNVD-2014-06452 // CNVD: CNVD-2014-06425 // VULHUB: VHN-71295 // BID: 70130 // JVNDB: JVNDB-2014-004401 // CNNVD: CNNVD-201409-958 // NVD: CVE-2014-3355

CREDITS

Cisco

Trust: 0.3

sources: BID: 70130

SOURCES

db:	CNVD	id:	CNVD-2014-06452
db:	CNVD	id:	CNVD-2014-06425
db:	VULHUB	id:	VHN-71295
db:	BID	id:	70130
db:	JVNDB	id:	JVNDB-2014-004401
db:	CNNVD	id:	CNNVD-201409-958
db:	NVD	id:	CVE-2014-3355

LAST UPDATE DATE

2024-11-23T20:01:34.806000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-06452	date:	2014-09-28T00:00:00
db:	CNVD	id:	CNVD-2014-06425	date:	2014-09-28T00:00:00
db:	VULHUB	id:	VHN-71295	date:	2017-08-29T00:00:00
db:	BID	id:	70130	date:	2017-05-23T16:24:00
db:	JVNDB	id:	JVNDB-2014-004401	date:	2014-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201409-958	date:	2014-09-26T00:00:00
db:	NVD	id:	CVE-2014-3355	date:	2024-11-21T02:07:55.780

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-06452	date:	2014-09-28T00:00:00
db:	CNVD	id:	CNVD-2014-06425	date:	2014-09-28T00:00:00
db:	VULHUB	id:	VHN-71295	date:	2014-09-25T00:00:00
db:	BID	id:	70130	date:	2014-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2014-004401	date:	2014-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201409-958	date:	2014-09-26T00:00:00
db:	NVD	id:	CVE-2014-3355	date:	2014-09-25T10:55:08.447