Details of VAR-201410-0062

ID

VAR-201410-0062

CVE

CVE-2014-3402

TITLE

Cisco Intrusion Detection System of Cisco Intrusion Prevention System of Web Service operation interruption in the framework (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004799

DESCRIPTION

The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens, which allows remote attackers to cause a denial of service (temporary MainApp hang) via a crafted connection request to the management interface, aka Bug ID CSCuq39550. Vendors have confirmed this vulnerability Bug ID CSCuq39550 It is released as.Service disruption by a third party via a crafted connection request to the management interface (MainApp Temporary hang of ) There is a possibility of being put into a state. Cisco Intrusion Prevention System is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuq39550

Trust: 2.07

sources: NVD: CVE-2014-3402 // JVNDB: JVNDB-2014-004799 // BID: 70278 // VULHUB: VHN-71342 // VULMON: CVE-2014-3402

AFFECTED PRODUCTS

vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(2\)e3	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(1\)e3	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(6\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(2\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(3\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(4\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(5a\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(7\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	lte	version:	7.0\(8\)e4	Trust: 1.0
vendor:	cisco	model:	intrusion prevention system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	intrusion prevention system software	scope:	lte	version:	7.0(8)e4	Trust: 0.8
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.0\(8\)e4	Trust: 0.6

sources: JVNDB: JVNDB-2014-004799 // CNNVD: CNNVD-201410-218 // NVD: CVE-2014-3402

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3402
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3402
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201410-218
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71342
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-3402
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3402
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-71342
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71342 // VULMON: CVE-2014-3402 // JVNDB: JVNDB-2014-004799 // CNNVD: CNNVD-201410-218 // NVD: CVE-2014-3402

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-71342 // JVNDB: JVNDB-2014-004799 // NVD: CVE-2014-3402

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-218

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201410-218

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004799

PATCH

title:	Cisco Intrusion Prevention System MainApp Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3402	Trust: 0.8
title:	36014	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=36014	Trust: 0.8
title:	Cisco: Cisco Intrusion Prevention System MainApp Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20141008-CVE-2014-3402	Trust: 0.1

sources: VULMON: CVE-2014-3402 // JVNDB: JVNDB-2014-004799

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3402	Trust: 2.9
db:	JVNDB	id:	JVNDB-2014-004799	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-218	Trust: 0.7
db:	BID	id:	70278	Trust: 0.5
db:	VULHUB	id:	VHN-71342	Trust: 0.1
db:	VULMON	id:	CVE-2014-3402	Trust: 0.1

sources: VULHUB: VHN-71342 // VULMON: CVE-2014-3402 // BID: 70278 // JVNDB: JVNDB-2014-004799 // CNNVD: CNNVD-201410-218 // NVD: CVE-2014-3402

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3402	Trust: 1.8
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=36014	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3402	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3402	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/70278	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141008-cve-2014-3402	Trust: 0.1

sources: VULHUB: VHN-71342 // VULMON: CVE-2014-3402 // BID: 70278 // JVNDB: JVNDB-2014-004799 // CNNVD: CNNVD-201410-218 // NVD: CVE-2014-3402

CREDITS

Cisco

Trust: 0.3

sources: BID: 70278

SOURCES

db:	VULHUB	id:	VHN-71342
db:	VULMON	id:	CVE-2014-3402
db:	BID	id:	70278
db:	JVNDB	id:	JVNDB-2014-004799
db:	CNNVD	id:	CNNVD-201410-218
db:	NVD	id:	CVE-2014-3402

LAST UPDATE DATE

2024-11-23T21:55:16.004000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71342	date:	2014-10-15T00:00:00
db:	VULMON	id:	CVE-2014-3402	date:	2014-10-15T00:00:00
db:	BID	id:	70278	date:	2014-10-13T00:01:00
db:	JVNDB	id:	JVNDB-2014-004799	date:	2014-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201410-218	date:	2014-10-16T00:00:00
db:	NVD	id:	CVE-2014-3402	date:	2024-11-21T02:08:01.057

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71342	date:	2014-10-10T00:00:00
db:	VULMON	id:	CVE-2014-3402	date:	2014-10-10T00:00:00
db:	BID	id:	70278	date:	2014-10-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-004799	date:	2014-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201410-218	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-3402	date:	2014-10-10T10:55:06.727