Details of VAR-201409-0407

ID

VAR-201409-0407

CVE

CVE-2014-3357

TITLE

Cisco IOS and IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004403

DESCRIPTION

Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This issue is being tracked by Cisco Bug ID CSCul90866. The following products and versions are affected: Cisco IOS Releases 15.0, 15.1, 15.2, and 15.4, IOS XE 3.3.xSE prior to 3.3.2SE, 3.3.xXO prior to 3.3.1XO, 3.5.xE prior to 3.5.2E and Version 3.11.0S

Trust: 2.52

sources: NVD: CVE-2014-3357 // JVNDB: JVNDB-2014-004403 // CNVD: CNVD-2014-06433 // BID: 70132 // VULHUB: VHN-71297

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-06433

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.0e	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.1e	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3\(.0\)xo	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1se	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.0s	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0se	Trust: 1.6
vendor:	cisco	model:	ios xe 3.1s	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	ios xe 3.3s	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.0-15.4	Trust: 0.6
vendor:	cisco	model:	ios xe software	scope:	eq	version:	3.x	Trust: 0.6
vendor:	cisco	model:	ios xe software 3.9s.0.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.9s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.8s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.8s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.8s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.6s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.6s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.6s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.5s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.5s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.5s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.5e	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4sg.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4sg.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4sg.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4s.6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4s.5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4s.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.3xo.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.3se.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.3se.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.3s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.3s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.3s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.2se.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.2se.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.2se.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.2se.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.10s.0a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.10s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.6.2	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.4.1	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.4	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.3.2	Trust: 0.3
vendor:	cisco	model:	ios xe t	scope:	eq	version:	2.3.1	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	cisco	model:	ios xe 3.11s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.11s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.6.0	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.5.0	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.3.0	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.1.0	Trust: 0.3
vendor:	cisco	model:	ios 15.4t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4 t1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4 t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4 s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 e1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 e	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1xo	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1sy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 sy1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 sy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 xo	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0ez	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 ez1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 ez	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-06433 // BID: 70132 // JVNDB: JVNDB-2014-004403 // CNNVD: CNNVD-201409-960 // NVD: CVE-2014-3357

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3357
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3357
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-06433
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201409-960
value:	HIGH
Trust: 0.6
VULHUB:	VHN-71297
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3357
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-06433
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71297
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-06433 // VULHUB: VHN-71297 // JVNDB: JVNDB-2014-004403 // CNNVD: CNNVD-201409-960 // NVD: CVE-2014-3357

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-71297 // JVNDB: JVNDB-2014-004403 // NVD: CVE-2014-3357

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-960

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201409-960

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004403

PATCH

title:	35023	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=35023	Trust: 0.8
title:	Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns/cvrf/cisco-sa-20140924-mdns_cvrf.xml	Trust: 0.8
title:	cisco-sa-20140924-mdns	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns	Trust: 0.8
title:	35608	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35608	Trust: 0.8
title:	Patch for Cisco IOS and IOS XE Software Multicast DNS Gateway Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/50436	Trust: 0.6

sources: CNVD: CNVD-2014-06433 // JVNDB: JVNDB-2014-004403

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3357	Trust: 3.4
db:	BID	id:	70132	Trust: 2.0
db:	SECTRACK	id:	1030898	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004403	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-960	Trust: 0.7
db:	CNVD	id:	CNVD-2014-06433	Trust: 0.6
db:	VULHUB	id:	VHN-71297	Trust: 0.1

sources: CNVD: CNVD-2014-06433 // VULHUB: VHN-71297 // BID: 70132 // JVNDB: JVNDB-2014-004403 // CNNVD: CNNVD-201409-960 // NVD: CVE-2014-3357

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140924-mdns	Trust: 2.0
url:	http://www.securityfocus.com/bid/70132	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140924-mdns/cvrf/cisco-sa-20140924-mdns_cvrf.xml	Trust: 1.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3357	Trust: 1.4
url:	http://www.securitytracker.com/id/1030898	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/96182	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3357	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35608	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps5845/index.html	Trust: 0.3

sources: CNVD: CNVD-2014-06433 // VULHUB: VHN-71297 // BID: 70132 // JVNDB: JVNDB-2014-004403 // CNNVD: CNNVD-201409-960 // NVD: CVE-2014-3357

CREDITS

Cisco

Trust: 0.3

sources: BID: 70132

SOURCES

db:	CNVD	id:	CNVD-2014-06433
db:	VULHUB	id:	VHN-71297
db:	BID	id:	70132
db:	JVNDB	id:	JVNDB-2014-004403
db:	CNNVD	id:	CNNVD-201409-960
db:	NVD	id:	CVE-2014-3357

LAST UPDATE DATE

2024-11-23T22:56:32.454000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-06433	date:	2014-09-28T00:00:00
db:	VULHUB	id:	VHN-71297	date:	2017-08-29T00:00:00
db:	BID	id:	70132	date:	2014-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2014-004403	date:	2014-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201409-960	date:	2014-09-26T00:00:00
db:	NVD	id:	CVE-2014-3357	date:	2024-11-21T02:07:56.023

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-06433	date:	2014-09-28T00:00:00
db:	VULHUB	id:	VHN-71297	date:	2014-09-25T00:00:00
db:	BID	id:	70132	date:	2014-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2014-004403	date:	2014-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201409-960	date:	2014-09-26T00:00:00
db:	NVD	id:	CVE-2014-3357	date:	2014-09-25T10:55:08.557