Lucene search

CiscoCVE-2014-3403

HistoryOct 10, 2014 - 1:55 a.m.

CVE-2014-3403

2014-10-1001:55:09

CWE-310

cisco

web.nvd.nist.gov

cisco

ios xe

autonomic networking infrastructure

ani

cve-2014-3403

nvd

security

spoofing

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

49.4%

JSON

The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647.

Affected configurations

Nvd

Node

ciscoios_xeMatch-

VendorProductVersionCPE
ciscoios_xe-cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	-	cpe:2.3:o:cisco:ios_xe:-:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3403

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

49.4%

JSON

Related for CVE-2014-3403