Details of VAR-201409-0408

ID

VAR-201409-0408

CVE

CVE-2014-3358

TITLE

Cisco IOS and IOS XE Software Multicast DNS Gateway Memory Leak Denial of Service Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-06436 // BID: 70139

DESCRIPTION

Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload) via malformed mDNS packets, aka Bug ID CSCuj58950. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS and IOS XE software are prone to a remote denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCuj58950. The following products and versions are affected: Cisco IOS Releases 15.0, 15.1, 15.2, and 15.4, IOS XE 3.3.xSE prior to 3.3.2SE, 3.3.xXO prior to 3.3.1XO, 3.5.xE prior to 3.5.2E and Version 3.11.0S

Trust: 2.52

sources: NVD: CVE-2014-3358 // JVNDB: JVNDB-2014-004404 // CNVD: CNVD-2014-06436 // BID: 70139 // VULHUB: VHN-71298

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-06436

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.0e	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.1e	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3\(.0\)xo	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1se	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.0s	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0se	Trust: 1.6
vendor:	cisco	model:	ios xe 3.1s	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	ios xe 3.3s	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.0-15.4	Trust: 0.6
vendor:	cisco	model:	ios xe software	scope:	eq	version:	3.x	Trust: 0.6
vendor:	cisco	model:	ios xe software 3.9s.0.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.9s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.8s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.8s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.8s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.7s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.6s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.6s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.6s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.5s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.5s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.5s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.5e	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4sg.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4sg.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4sg.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4s.6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4s.5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4s.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.4s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.3xo.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.3se.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.3se.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.3s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.3s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.3s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.2se.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.2se.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.2se.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.2se.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.10s.0a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.10s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.6.2	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.4.1	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.4	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.3.2	Trust: 0.3
vendor:	cisco	model:	ios xe t	scope:	eq	version:	2.3.1	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	cisco	model:	ios xe 3.11s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.11s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.6.0	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.5.0	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.3.0	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.1.0	Trust: 0.3
vendor:	cisco	model:	ios 15.4t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4 t1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4 t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4 s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 e1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 e	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1xo	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1sy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 sy1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 sy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 xo	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0ez	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 ez1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 ez	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-06436 // BID: 70139 // JVNDB: JVNDB-2014-004404 // CNNVD: CNNVD-201409-961 // NVD: CVE-2014-3358

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3358
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3358
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-06436
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201409-961
value:	HIGH
Trust: 0.6
VULHUB:	VHN-71298
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3358
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-06436
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71298
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-06436 // VULHUB: VHN-71298 // JVNDB: JVNDB-2014-004404 // CNNVD: CNNVD-201409-961 // NVD: CVE-2014-3358

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-71298 // JVNDB: JVNDB-2014-004404 // NVD: CVE-2014-3358

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-961

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201409-961

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004404

PATCH

title:	35023	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=35023	Trust: 0.8
title:	Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns/cvrf/cisco-sa-20140924-mdns_cvrf.xml	Trust: 0.8
title:	cisco-sa-20140924-mdns	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns	Trust: 0.8
title:	35607	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35607	Trust: 0.8
title:	\302\240\302\240\302\240\302\240\302\240Cisco IOS and IOS XE Software Multicast DNS Gateway Memory Leak Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/50433	Trust: 0.6

sources: CNVD: CNVD-2014-06436 // JVNDB: JVNDB-2014-004404

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3358	Trust: 3.4
db:	BID	id:	70139	Trust: 2.0
db:	SECTRACK	id:	1030898	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004404	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-961	Trust: 0.7
db:	CNVD	id:	CNVD-2014-06436	Trust: 0.6
db:	VULHUB	id:	VHN-71298	Trust: 0.1

sources: CNVD: CNVD-2014-06436 // VULHUB: VHN-71298 // BID: 70139 // JVNDB: JVNDB-2014-004404 // CNNVD: CNNVD-201409-961 // NVD: CVE-2014-3358

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140924-mdns	Trust: 2.0
url:	http://www.securityfocus.com/bid/70139	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140924-mdns/cvrf/cisco-sa-20140924-mdns_cvrf.xml	Trust: 1.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3358	Trust: 1.4
url:	http://www.securitytracker.com/id/1030898	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/96183	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3358	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35607	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps5845/index.html	Trust: 0.3

sources: CNVD: CNVD-2014-06436 // VULHUB: VHN-71298 // BID: 70139 // JVNDB: JVNDB-2014-004404 // CNNVD: CNNVD-201409-961 // NVD: CVE-2014-3358

CREDITS

Cisco

Trust: 0.3

sources: BID: 70139

SOURCES

db:	CNVD	id:	CNVD-2014-06436
db:	VULHUB	id:	VHN-71298
db:	BID	id:	70139
db:	JVNDB	id:	JVNDB-2014-004404
db:	CNNVD	id:	CNNVD-201409-961
db:	NVD	id:	CVE-2014-3358

LAST UPDATE DATE

2024-11-23T22:56:32.419000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-06436	date:	2014-09-28T00:00:00
db:	VULHUB	id:	VHN-71298	date:	2017-08-29T00:00:00
db:	BID	id:	70139	date:	2014-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2014-004404	date:	2014-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201409-961	date:	2014-09-26T00:00:00
db:	NVD	id:	CVE-2014-3358	date:	2024-11-21T02:07:56.143

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-06436	date:	2014-09-28T00:00:00
db:	VULHUB	id:	VHN-71298	date:	2014-09-25T00:00:00
db:	BID	id:	70139	date:	2014-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2014-004404	date:	2014-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201409-961	date:	2014-09-26T00:00:00
db:	NVD	id:	CVE-2014-3358	date:	2014-09-25T10:55:08.590