Vulnerability CVE-2014-3347


Published: 2014-08-28

Description:
Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897.

Vendor: Cisco
Product: IOS 
Version: 15.1(4)m2;
Product: 1841 integrated service router 
Product: 1801 integrated service router 
Product: 1803 integrated service router 
Product: 1812 integrated service router 
Product: 1861 integrated service router 
Product: 1802 integrated service router 
Product: 1811 integrated service router 

CVSS2 => (AV:N/AC:H/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.4/10
6.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3347
http://tools.cisco.com/security/center/viewAlert.x?alertId=35453
http://www.securityfocus.com/bid/69439
http://www.securitytracker.com/id/1030772
http://xforce.iss.net/xforce/xfdb/95558

Related CVE
CVE-2018-0115
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability ...
CVE-2018-0111
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attac...
CVE-2018-0110
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetin...
CVE-2018-0109
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attac...
CVE-2018-0108
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to condu...
CVE-2018-0107
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection....
CVE-2018-0106
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An...
CVE-2018-0105
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit thi...

Copyright 2018, cxsecurity.com

 

Back to Top