Lucene search

CiscoCVE-2014-3284

HistoryMay 25, 2014 - 10:55 p.m.

CVE-2014-3284

2014-05-2522:55:02

CWE-20

cisco

web.nvd.nist.gov

cisco

ios xe

asr1000

pppoe

denial of service

vulnerability

cve-2014-3284

nvd

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.8

Confidence

High

EPSS

0.006

Percentile

78.7%

JSON

Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.

Affected configurations

Nvd

Node

ciscoios_xeMatch-

AND

ciscoasr_1001Match-

ciscoasr_1002Match-

ciscoasr_1002-xMatch-

ciscoasr_1002_fixed_routerMatch-

ciscoasr_1004Match-

ciscoasr_1006Match-

ciscoasr_1013Match-

ciscoasr_1023_routerMatch-

VendorProductVersionCPE
ciscoios_xe-cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*
ciscoasr_1001-cpe:2.3:h:cisco:asr_1001:-:*:*:*:*:*:*:*
ciscoasr_1002-cpe:2.3:h:cisco:asr_1002:-:*:*:*:*:*:*:*
ciscoasr_1002-x-cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:*
ciscoasr_1002_fixed_router-cpe:2.3:h:cisco:asr_1002_fixed_router:-:*:*:*:*:*:*:*
ciscoasr_1004-cpe:2.3:h:cisco:asr_1004:-:*:*:*:*:*:*:*
ciscoasr_1006-cpe:2.3:h:cisco:asr_1006:-:*:*:*:*:*:*:*
ciscoasr_1013-cpe:2.3:h:cisco:asr_1013:-:*:*:*:*:*:*:*
ciscoasr_1023_router-cpe:2.3:h:cisco:asr_1023_router:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	-	cpe:2.3:o:cisco:ios_xe:-:::::::*
cisco	asr_1001	-	cpe:2.3:h:cisco:asr_1001:-:::::::*
cisco	asr_1002	-	cpe:2.3:h:cisco:asr_1002:-:::::::*
cisco	asr_1002-x	-	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
cisco	asr_1002_fixed_router	-	cpe:2.3:h:cisco:asr_1002_fixed_router:-:::::::*
cisco	asr_1004	-	cpe:2.3:h:cisco:asr_1004:-:::::::*
cisco	asr_1006	-	cpe:2.3:h:cisco:asr_1006:-:::::::*
cisco	asr_1013	-	cpe:2.3:h:cisco:asr_1013:-:::::::*
cisco	asr_1023_router	-	cpe:2.3:h:cisco:asr_1023_router:-:::::::*

References

secunia.com/advisories/58405

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3284

tools.cisco.com/security/center/viewAlert.x?alertId=34346

www.securityfocus.com/bid/67603

www.securitytracker.com/id/1030283

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.8

Confidence

High

EPSS

0.006

Percentile

78.7%

JSON

Related for CVE-2014-3284