CVE-2014-3308

2014-07-0711:01:30

CWE-20

[email protected]

web.nvd.nist.gov

cisco

ios

asr 9000

security

vulnerability

denial of service

nvd

cve-2014-3308

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

JSON

Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985.

Affected configurations

NVD

Node

ciscoios_xr

AND

ciscoasr_9000_rsp440_routerMatch-

ciscoasr_9001Match-

ciscoasr_9006Match-

ciscoasr_9010Match-

ciscoasr_9904Match-

ciscoasr_9912Match-

ciscoasr_9922Match-

CPENameOperatorVersion
cisco:ios_xrcisco ios xreq*
cisco:asr_9000_rsp440_routercisco asr 9000 rsp440 routereq-
cisco:asr_9001cisco asr 9001eq-
cisco:asr_9006cisco asr 9006eq-
cisco:asr_9010cisco asr 9010eq-
cisco:asr_9904cisco asr 9904eq-
cisco:asr_9912cisco asr 9912eq-
cisco:asr_9922cisco asr 9922eq-

CPE	Name	Operator	Version
cisco:ios_xr	cisco ios xr	eq	*
cisco:asr_9000_rsp440_router	cisco asr 9000 rsp440 router	eq	-
cisco:asr_9001	cisco asr 9001	eq	-
cisco:asr_9006	cisco asr 9006	eq	-
cisco:asr_9010	cisco asr 9010	eq	-
cisco:asr_9904	cisco asr 9904	eq	-
cisco:asr_9912	cisco asr 9912	eq	-
cisco:asr_9922	cisco asr 9922	eq	-