Details of VAR-201409-0406

ID

VAR-201409-0406

CVE

CVE-2014-3356

TITLE

Cisco IOS and IOS XE Service disruption in the metadata flow function (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004402

DESCRIPTION

The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCue22753. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This issue is being tracked by Cisco Bug ID CSCue22753. The following products and versions are affected: Cisco IOS Releases 15.1 through 15.3, IOS XE 3.3.xXO prior to 3.3.1XO, 3.6.xS and 3.7.xS prior to 3.7.6S, 3.8.xS and 3.9 prior to 3.10.1S .xS version, 3.10S version

Trust: 2.52

sources: NVD: CVE-2014-3356 // JVNDB: JVNDB-2014-004402 // CNVD: CNVD-2014-06434 // BID: 70135 // VULHUB: VHN-71296

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-06434

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8\(2\)s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9\(0\)s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9\(1a\)s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7\(5\)s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8\(1\)s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9\(2\)s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7\(3\)s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7\(4\)s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8\(0\)s	Trust: 1.6
vendor:	cisco	model:	ios 15.2 gc	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7\(0\)s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7\(1\)as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7\(2\)s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3\(.0\)xo	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.2s	Trust: 1.0
vendor:	cisco	model:	ios 15.3 s	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 15.2 gc1	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 15.2 t3	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 15.2 t2	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 15.2 t1	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.0-15.4	Trust: 0.6
vendor:	cisco	model:	ios xe software	scope:	eq	version:	3.x	Trust: 0.6
vendor:	cisco	model:	ios 15.3 t3	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.3 t2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.3 t1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.3 t	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.3 s1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2 t	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 sy3	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 sy2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 sy1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 sy	scope:	-	version:	-	Trust: 0.6
vendor:	rockwell	model:	automation stratix	scope:	eq	version:	59000	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.9s.0.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.9s.0.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.9s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.8s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.8s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.8s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.6s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.6s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.6s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.10s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.10s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.10s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.10s.0a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.10s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 s2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 m3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 m2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 m1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 s0xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 s0a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 t4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2gca	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2gc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 xb10	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 s2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 m6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 m5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 m4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 m3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 m2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 m1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 gca1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 gca	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 t4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 s1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 t3a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 gc2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1sy	scope:	-	version:	-	Trust: 0.3
vendor:	rockwell	model:	automation stratix	scope:	ne	version:	590015.6.3	Trust: 0.3

sources: CNVD: CNVD-2014-06434 // BID: 70135 // JVNDB: JVNDB-2014-004402 // CNNVD: CNNVD-201409-959 // NVD: CVE-2014-3356

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3356
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3356
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-06434
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201409-959
value:	HIGH
Trust: 0.6
VULHUB:	VHN-71296
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3356
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-06434
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71296
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-06434 // VULHUB: VHN-71296 // JVNDB: JVNDB-2014-004402 // CNNVD: CNNVD-201409-959 // NVD: CVE-2014-3356

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-71296 // JVNDB: JVNDB-2014-004402 // NVD: CVE-2014-3356

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-959

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201409-959

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004402

PATCH

title:	cisco-sa-20140924-metadata	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata	Trust: 0.8
title:	35622	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35622	Trust: 0.8
title:	Patch for Cisco IOS and IOS XE Software Denial of Service Vulnerability (CNVD-2014-06434)	url:	https://www.cnvd.org.cn/patchInfo/show/50435	Trust: 0.6

sources: CNVD: CNVD-2014-06434 // JVNDB: JVNDB-2014-004402

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3356	Trust: 3.4
db:	BID	id:	70135	Trust: 2.0
db:	SECTRACK	id:	1030894	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004402	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-959	Trust: 0.7
db:	CNVD	id:	CNVD-2014-06434	Trust: 0.6
db:	ICS CERT	id:	ICSA-17-094-04	Trust: 0.3
db:	VULHUB	id:	VHN-71296	Trust: 0.1

sources: CNVD: CNVD-2014-06434 // VULHUB: VHN-71296 // BID: 70135 // JVNDB: JVNDB-2014-004402 // CNNVD: CNNVD-201409-959 // NVD: CVE-2014-3356

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140924-metadata	Trust: 2.0
url:	http://www.securityfocus.com/bid/70135	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140924-metadata/cvrf/cisco-sa-20140924-metadata_cvrf.xml	Trust: 1.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3356	Trust: 1.4
url:	http://www.securitytracker.com/id/1030894	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/96176	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3356	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35622	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-094-04	Trust: 0.3

sources: CNVD: CNVD-2014-06434 // VULHUB: VHN-71296 // BID: 70135 // JVNDB: JVNDB-2014-004402 // CNNVD: CNNVD-201409-959 // NVD: CVE-2014-3356

CREDITS

Cisco

Trust: 0.3

sources: BID: 70135

SOURCES

db:	CNVD	id:	CNVD-2014-06434
db:	VULHUB	id:	VHN-71296
db:	BID	id:	70135
db:	JVNDB	id:	JVNDB-2014-004402
db:	CNNVD	id:	CNNVD-201409-959
db:	NVD	id:	CVE-2014-3356

LAST UPDATE DATE

2024-11-23T19:53:49.164000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-06434	date:	2014-09-28T00:00:00
db:	VULHUB	id:	VHN-71296	date:	2017-08-29T00:00:00
db:	BID	id:	70135	date:	2017-05-23T16:24:00
db:	JVNDB	id:	JVNDB-2014-004402	date:	2014-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201409-959	date:	2014-10-22T00:00:00
db:	NVD	id:	CVE-2014-3356	date:	2024-11-21T02:07:55.903

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-06434	date:	2014-09-28T00:00:00
db:	VULHUB	id:	VHN-71296	date:	2014-09-25T00:00:00
db:	BID	id:	70135	date:	2014-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2014-004402	date:	2014-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201409-959	date:	2014-09-26T00:00:00
db:	NVD	id:	CVE-2014-3356	date:	2014-09-25T10:55:08.497