ID

VAR-201411-0044


CVE

CVE-2014-3407


TITLE

Denial-of-service (DoS) vulnerability in the SSL VPN implementation of Cisco Adaptive Security Appliance Software

Trust: 0.8

sources: JVNDB: JVNDB-2014-005678

DESCRIPTION

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888. The vendor has confirmed this vulnerability and released it as Bug ID CSCuq68888. A third party may be able to cause a denial of service (memory consumption) via crafted packets. Cisco Adaptive Security Appliance (ASA) Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the exhaustion of available memory, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCuq68888. The vulnerability originates from the incorrect allocation of memory blocks when the program processes HTTP packets.

Trust: 1.98

sources: NVD: CVE-2014-3407 // JVNDB: JVNDB-2014-005678 // BID: 71317 // VULHUB: VHN-71347

AFFECTED PRODUCTS

vendor: cisco, model: adaptive security appliance software, scope: lte, version: 9.3\(2\)

Trust: 1.0

vendor: cisco, model: adaptive security appliance, scope: lte, version: 9.3(.2)

Trust: 0.8

vendor: cisco, model: adaptive security appliance software, scope: eq, version: 9.3\(.2\)

Trust: 0.6

sources: JVNDB: JVNDB-2014-005678 // CNNVD: CNNVD-201411-525 // NVD: CVE-2014-3407

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3407
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3407
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201411-525
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71347
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3407
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71347
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71347 // JVNDB: JVNDB-2014-005678 // CNNVD: CNNVD-201411-525 // NVD: CVE-2014-3407

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.0

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-71347 // JVNDB: JVNDB-2014-005678 // NVD: CVE-2014-3407

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-525

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201411-525

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005678

PATCH

title: Cisco ASA SSL VPN Memory Blocks Exhaustion Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407

Trust: 0.8

title: 36542, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=36542

Trust: 0.8

title: Remediation of the Cisco Adaptive Security Appliance Software resource management error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194625

Trust: 0.6

sources: JVNDB: JVNDB-2014-005678 // CNNVD: CNNVD-201411-525

EXTERNAL IDS

db: NVD, id: CVE-2014-3407

Trust: 2.8

db: JVNDB, id: JVNDB-2014-005678

Trust: 0.8

db: CNNVD, id: CNNVD-201411-525

Trust: 0.7

db: BID, id: 71317

Trust: 0.4

db: VULHUB, id: VHN-71347

Trust: 0.1

sources: VULHUB: VHN-71347 // BID: 71317 // JVNDB: JVNDB-2014-005678 // CNNVD: CNNVD-201411-525 // NVD: CVE-2014-3407

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3407

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=36542

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3407

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3407

Trust: 0.8

url:www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-71347 // BID: 71317 // JVNDB: JVNDB-2014-005678 // CNNVD: CNNVD-201411-525 // NVD: CVE-2014-3407

CREDITS

Cisco

Trust: 0.9

sources: BID: 71317 // CNNVD: CNNVD-201411-525

SOURCES

db: VULHUB, id: VHN-71347
db: BID, id: 71317
db: JVNDB, id: JVNDB-2014-005678
db: CNNVD, id: CNNVD-201411-525
db: NVD, id: CVE-2014-3407

LAST UPDATE DATE

2024-11-23T22:56:31.780000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-71347, date: 2014-11-28T00:00:00
db: BID, id: 71317, date: 2014-11-27T05:58:00
db: JVNDB, id: JVNDB-2014-005678, date: 2014-12-01T00:00:00
db: CNNVD, id: CNNVD-201411-525, date: 2022-06-06T00:00:00
db: NVD, id: CVE-2014-3407, date: 2024-11-21T02:08:01.623

SOURCES RELEASE DATE

db: VULHUB, id: VHN-71347, date: 2014-11-28T00:00:00
db: BID, id: 71317, date: 2014-11-26T00:00:00
db: JVNDB, id: JVNDB-2014-005678, date: 2014-12-01T00:00:00
db: CNNVD, id: CNNVD-201411-525, date: 2014-11-27T00:00:00
db: NVD, id: CVE-2014-3407, date: 2014-11-28T02:59:00.080