Details of VAR-201410-0064

ID

VAR-201410-0064

CVE

CVE-2014-3404

TITLE

Cisco IOS XE of Autonomic Networking Infrastructure Vulnerability that triggers receipt of invalid messages in components

Trust: 0.8

sources: JVNDB: JVNDB-2014-004654

DESCRIPTION

The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677. Vendors have confirmed this vulnerability Bug ID CSCuq22677 It is released as.A third party can trigger the receipt of invalid messages via crafted messages. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS XE has a security bypass vulnerability that allows an attacker to exploit a vulnerability to bypass certain security restrictions and perform unauthorized operations. Cisco IOS XE Software is prone to a security-bypass vulnerability. This issue is being tracked by Cisco Bug ID CSCuq22677. The vulnerability is caused by the program not validating certificates properly. A remote attacker could exploit this vulnerability to send a specially crafted message to the ANI device

Trust: 2.52

sources: NVD: CVE-2014-3404 // JVNDB: JVNDB-2014-004654 // CNVD: CNVD-2014-06656 // BID: 70387 // VULHUB: VHN-71344

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-06656

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-06656 // JVNDB: JVNDB-2014-004654 // CNNVD: CNNVD-201410-195 // NVD: CVE-2014-3404

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3404
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3404
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-06656
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201410-195
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71344
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3404
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-06656
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71344
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-06656 // VULHUB: VHN-71344 // JVNDB: JVNDB-2014-004654 // CNNVD: CNNVD-201410-195 // NVD: CVE-2014-3404

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-71344 // JVNDB: JVNDB-2014-004654 // NVD: CVE-2014-3404

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-195

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201410-195

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004654

PATCH

title:	Autonomic Networking Infrastructure Certificate Chain Validation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3404	Trust: 0.8
title:	36031	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=36031	Trust: 0.8

sources: JVNDB: JVNDB-2014-004654

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3404	Trust: 3.4
db:	BID	id:	70387	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-004654	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-195	Trust: 0.7
db:	CNVD	id:	CNVD-2014-06656	Trust: 0.6
db:	VULHUB	id:	VHN-71344	Trust: 0.1

sources: CNVD: CNVD-2014-06656 // VULHUB: VHN-71344 // BID: 70387 // JVNDB: JVNDB-2014-004654 // CNNVD: CNNVD-201410-195 // NVD: CVE-2014-3404

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3404	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3404	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3404	Trust: 0.8
url:	http://www.securityfocus.com/bid/70387	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-06656 // VULHUB: VHN-71344 // BID: 70387 // JVNDB: JVNDB-2014-004654 // CNNVD: CNNVD-201410-195 // NVD: CVE-2014-3404

CREDITS

Cisco

Trust: 0.3

sources: BID: 70387

SOURCES

db:	CNVD	id:	CNVD-2014-06656
db:	VULHUB	id:	VHN-71344
db:	BID	id:	70387
db:	JVNDB	id:	JVNDB-2014-004654
db:	CNNVD	id:	CNNVD-201410-195
db:	NVD	id:	CVE-2014-3404

LAST UPDATE DATE

2024-11-23T22:52:50.826000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-06656	date:	2014-10-14T00:00:00
db:	VULHUB	id:	VHN-71344	date:	2014-10-10T00:00:00
db:	BID	id:	70387	date:	2014-10-13T06:00:00
db:	JVNDB	id:	JVNDB-2014-004654	date:	2014-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201410-195	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-3404	date:	2024-11-21T02:08:01.280

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-06656	date:	2014-10-13T00:00:00
db:	VULHUB	id:	VHN-71344	date:	2014-10-10T00:00:00
db:	BID	id:	70387	date:	2014-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2014-004654	date:	2014-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201410-195	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-3404	date:	2014-10-10T01:55:09.150