Lucene search

CiscoCVE-2014-3347

HistoryAug 28, 2014 - 11:55 p.m.

CVE-2014-3347

2014-08-2823:55:05

CWE-399

cisco

web.nvd.nist.gov

cisco

ios

cisco 1800 isr

isdn

remote attackers

denial of service

interrupt timer collision

hardware encryption module

bug id cscul77897

cve-2014-3347

CVSS2

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:N/I:N/A:C

AI Score

6.8

Confidence

High

EPSS

0.014

Percentile

86.2%

JSON

Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897.

Affected configurations

Nvd

Node

ciscoiosMatch15.1\(4\)m2

AND

cisco1801_integrated_service_routerMatch-

cisco1802_integrated_service_routerMatch-

cisco1803_integrated_service_routerMatch-

cisco1811_integrated_service_routerMatch-

cisco1812_integrated_service_routerMatch-

cisco1841_integrated_service_routerMatch-

cisco1861_integrated_service_routerMatch-

VendorProductVersionCPE
ciscoios15.1(4)m2cpe:2.3:o:cisco:ios:15.1\(4\)m2:*:*:*:*:*:*:*
cisco1801_integrated_service_router-cpe:2.3:h:cisco:1801_integrated_service_router:-:*:*:*:*:*:*:*
cisco1802_integrated_service_router-cpe:2.3:h:cisco:1802_integrated_service_router:-:*:*:*:*:*:*:*
cisco1803_integrated_service_router-cpe:2.3:h:cisco:1803_integrated_service_router:-:*:*:*:*:*:*:*
cisco1811_integrated_service_router-cpe:2.3:h:cisco:1811_integrated_service_router:-:*:*:*:*:*:*:*
cisco1812_integrated_service_router-cpe:2.3:h:cisco:1812_integrated_service_router:-:*:*:*:*:*:*:*
cisco1841_integrated_service_router-cpe:2.3:h:cisco:1841_integrated_service_router:-:*:*:*:*:*:*:*
cisco1861_integrated_service_router-cpe:2.3:h:cisco:1861_integrated_service_router:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	15.1(4)m2	cpe:2.3:o:cisco:ios:15.1\(4\)m2:::::::*
cisco	1801_integrated_service_router	-	cpe:2.3:h:cisco:1801_integrated_service_router:-:::::::*
cisco	1802_integrated_service_router	-	cpe:2.3:h:cisco:1802_integrated_service_router:-:::::::*
cisco	1803_integrated_service_router	-	cpe:2.3:h:cisco:1803_integrated_service_router:-:::::::*
cisco	1811_integrated_service_router	-	cpe:2.3:h:cisco:1811_integrated_service_router:-:::::::*
cisco	1812_integrated_service_router	-	cpe:2.3:h:cisco:1812_integrated_service_router:-:::::::*
cisco	1841_integrated_service_router	-	cpe:2.3:h:cisco:1841_integrated_service_router:-:::::::*
cisco	1861_integrated_service_router	-	cpe:2.3:h:cisco:1861_integrated_service_router:-:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3347

tools.cisco.com/security/center/viewAlert.x?alertId=35453

www.securityfocus.com/bid/69439

www.securitytracker.com/id/1030772

exchange.xforce.ibmcloud.com/vulnerabilities/95558

CVSS2

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:N/I:N/A:C

AI Score

6.8

Confidence

High

EPSS

0.014

Percentile

86.2%

JSON

Related for CVE-2014-3347