Details of VAR-201410-0065

ID

VAR-201410-0065

CVE

CVE-2014-3405

TITLE

Cisco IOS XE Vulnerable to root injection attacks

Trust: 0.8

sources: JVNDB: JVNDB-2014-004655

DESCRIPTION

Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL advertisements on an ANI interface, aka Bug ID CSCuq22673. Vendors have confirmed this vulnerability Bug ID CSCuq22673 It is released as.By a third party ANI Cleverly crafted on the interface RPL A route injection attack may be performed through advertisement. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This may aid in other attacks. This issue is being tracked by Cisco Bug ID CSCuq22673. Remote attackers can use this vulnerability to implement route-injection attacks

Trust: 2.52

sources: NVD: CVE-2014-3405 // JVNDB: JVNDB-2014-004655 // CNVD: CNVD-2014-06654 // BID: 70385 // VULHUB: VHN-71345

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-06654

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-06654 // JVNDB: JVNDB-2014-004655 // CNNVD: CNNVD-201410-196 // NVD: CVE-2014-3405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3405
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3405
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-06654
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201410-196
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71345
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3405
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-06654
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71345
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-06654 // VULHUB: VHN-71345 // JVNDB: JVNDB-2014-004655 // CNNVD: CNNVD-201410-196 // NVD: CVE-2014-3405

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-004655 // NVD: CVE-2014-3405

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201410-196

TYPE

Unknown

Trust: 0.3

sources: BID: 70385

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004655

PATCH

title:	Autonomic Networking Infrastructure Routing Protocol for Low-Power and Lossy Networks Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3405	Trust: 0.8
title:	36033	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=36033	Trust: 0.8

sources: JVNDB: JVNDB-2014-004655

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3405	Trust: 3.4
db:	BID	id:	70385	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-004655	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-196	Trust: 0.7
db:	CNVD	id:	CNVD-2014-06654	Trust: 0.6
db:	VULHUB	id:	VHN-71345	Trust: 0.1

sources: CNVD: CNVD-2014-06654 // VULHUB: VHN-71345 // BID: 70385 // JVNDB: JVNDB-2014-004655 // CNNVD: CNNVD-201410-196 // NVD: CVE-2014-3405

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3405	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3405	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3405	Trust: 0.8
url:	http://www.securityfocus.com/bid/70385	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-06654 // VULHUB: VHN-71345 // BID: 70385 // JVNDB: JVNDB-2014-004655 // CNNVD: CNNVD-201410-196 // NVD: CVE-2014-3405

CREDITS

Cisco

Trust: 0.3

sources: BID: 70385

SOURCES

db:	CNVD	id:	CNVD-2014-06654
db:	VULHUB	id:	VHN-71345
db:	BID	id:	70385
db:	JVNDB	id:	JVNDB-2014-004655
db:	CNNVD	id:	CNNVD-201410-196
db:	NVD	id:	CVE-2014-3405

LAST UPDATE DATE

2024-11-23T21:44:51.484000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-06654	date:	2014-10-14T00:00:00
db:	VULHUB	id:	VHN-71345	date:	2014-10-10T00:00:00
db:	BID	id:	70385	date:	2014-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-004655	date:	2014-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201410-196	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-3405	date:	2024-11-21T02:08:01.393

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-06654	date:	2014-10-13T00:00:00
db:	VULHUB	id:	VHN-71345	date:	2014-10-10T00:00:00
db:	BID	id:	70385	date:	2014-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-004655	date:	2014-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201410-196	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-3405	date:	2014-10-10T01:55:09.290