ID
VAR-201410-0063
CVE
CVE-2014-3403
TITLE
Cisco IOS XE of Autonomic Networking Infrastructure Component impersonation vulnerability
Trust: 0.8
DESCRIPTION
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647. Vendors have confirmed this vulnerability Bug ID CSCuq22647 It is released as.A third party can impersonate the device through a crafted message. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS XE has a security bypass vulnerability that allows an attacker to bypass certain security restrictions and perform unauthorized operations. Cisco IOS XE Software is prone to a security-bypass vulnerability. This issue is being tracked by Cisco Bug ID CSCuq22647. The vulnerability is caused by the program not validating certificates properly
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios xe | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.13s | Trust: 0.8 |
| vendor: | cisco | model: | ios xe | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-310 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
encryption problem
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Autonomic Networking Infrastructure Certificate Validation Vulnerability | url: | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3403 | Trust: 0.8 |
| title: | 36032 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=36032 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2014-3403 | Trust: 3.4 |
| db: | BID | id: | 70386 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2014-004653 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201410-194 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2014-06655 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-71343 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3403 | Trust: 1.7 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3403 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3403 | Trust: 0.8 |
| url: | http://www.securityfocus.com/bid/70386 | Trust: 0.6 |
| url: | www.cisco.com | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2014-06655 |
| db: | VULHUB | id: | VHN-71343 |
| db: | BID | id: | 70386 |
| db: | JVNDB | id: | JVNDB-2014-004653 |
| db: | CNNVD | id: | CNNVD-201410-194 |
| db: | NVD | id: | CVE-2014-3403 |
LAST UPDATE DATE
2024-11-23T22:08:17.283000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-06655 | date: | 2014-10-14T00:00:00 |
| db: | VULHUB | id: | VHN-71343 | date: | 2014-10-10T00:00:00 |
| db: | BID | id: | 70386 | date: | 2014-10-13T00:01:00 |
| db: | JVNDB | id: | JVNDB-2014-004653 | date: | 2014-10-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-201410-194 | date: | 2014-10-14T00:00:00 |
| db: | NVD | id: | CVE-2014-3403 | date: | 2024-11-21T02:08:01.167 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-06655 | date: | 2014-10-13T00:00:00 |
| db: | VULHUB | id: | VHN-71343 | date: | 2014-10-10T00:00:00 |
| db: | BID | id: | 70386 | date: | 2014-10-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-004653 | date: | 2014-10-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-201410-194 | date: | 2014-10-14T00:00:00 |
| db: | NVD | id: | CVE-2014-3403 | date: | 2014-10-10T01:55:09.070 |