Lucene search

CiscoCISCO-SA-20140514-CVE-2014-3263

HistoryMay 14, 2014 - 8:09 p.m.

Cisco IOS Software ScanSafe Vulnerability

2014-05-1420:09:26

tools.cisco.com

CVSS2

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:N/I:N/A:C

EPSS

0.004

Percentile

72.1%

JSON

A vulnerability in the content scanning module of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a reload of the affected device.

The vulnerability occurs when processing HTTPS packets that need to be redirected to a ScanSafe tower. An attacker could exploit this vulnerability by sending HTTPS packets to be redirected to a ScanSafe tower. An exploit could allow the attacker to cause a reload of the affected device.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker may need access to trusted, internal networks in which the targeted device may reside to send HTTPS packets to a targeted device. This access requirement may reduce the likelihood of a successful exploit.

Affected configurations

Vulners

Node

ciscoiosMatchany

VendorProductVersionCPE
ciscoiosanycpe:2.3:o:cisco:ios:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	any	cpe:2.3:o:cisco:ios:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140514-CVE-2014-3263

CVSS2

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:N/I:N/A:C

EPSS

0.004

Percentile

72.1%

JSON

Related for CISCO-SA-20140514-CVE-2014-3263