CVE-2014-3361

2014-09-2510:55:08

CWE-119

cisco

web.nvd.nist.gov

cisco

ios

alg

sip

nat

denial of service

cve-2014-3361

nvd

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.6

Confidence

Low

EPSS

0.012

Percentile

85.1%

JSON

The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.

Affected configurations

Nvd

Node

ciscoiosMatch15.0

ciscoiosMatch15.1

ciscoiosMatch15.2

ciscoiosMatch15.3

ciscoiosMatch15.4

VendorProductVersionCPE
ciscoios15.0cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*
ciscoios15.1cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*
ciscoios15.2cpe:2.3:o:cisco:ios:15.2:*:*:*:*:*:*:*
ciscoios15.3cpe:2.3:o:cisco:ios:15.3:*:*:*:*:*:*:*
ciscoios15.4cpe:2.3:o:cisco:ios:15.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	15.0	cpe:2.3:o:cisco:ios:15.0:::::::*
cisco	ios	15.1	cpe:2.3:o:cisco:ios:15.1:::::::*
cisco	ios	15.2	cpe:2.3:o:cisco:ios:15.2:::::::*
cisco	ios	15.3	cpe:2.3:o:cisco:ios:15.3:::::::*
cisco	ios	15.4	cpe:2.3:o:cisco:ios:15.4:::::::*