var-201407-0372
Vulnerability from variot
Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985. Vendors have confirmed this vulnerability Bug ID CSCun83985 It is released as.A third party can send a large number of crafted packets to disrupt service operations. (CPU Resource consumption ) There is a possibility of being put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. On the Trident line card of the Cisco ASR 9000 series router, there is a security hole in the implementation of punt-police. Cisco IOS XR is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCun83985. The vulnerability stems from the lack of a static punt policer in the software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0372",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios xr",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9001",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "asr 9006",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9904",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9000 rsp440 router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9922",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9912",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9010",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9000 series rsp440",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9001 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9006 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9010 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9904 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9912 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9922 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios xr",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "none"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "software 5.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04083"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003228"
},
{
"db": "NVD",
"id": "CVE-2014-3308"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-180"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_9000_rsp440_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3308"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "68351"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3308",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-3308",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04083",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-71248",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3308",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-04083",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-180",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71248",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04083"
},
{
"db": "VULHUB",
"id": "VHN-71248"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003228"
},
{
"db": "NVD",
"id": "CVE-2014-3308"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-180"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985. Vendors have confirmed this vulnerability Bug ID CSCun83985 It is released as.A third party can send a large number of crafted packets to disrupt service operations. (CPU Resource consumption ) There is a possibility of being put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. On the Trident line card of the Cisco ASR 9000 series router, there is a security hole in the implementation of punt-police. Cisco IOS XR is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause denial-of-service conditions. \nThis issue is being tracked by Cisco Bug ID CSCun83985. The vulnerability stems from the lack of a static punt policer in the software",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3308"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003228"
},
{
"db": "CNVD",
"id": "CNVD-2014-04083"
},
{
"db": "BID",
"id": "68351"
},
{
"db": "VULHUB",
"id": "VHN-71248"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3308",
"trust": 3.4
},
{
"db": "BID",
"id": "68351",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1030525",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58869",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003228",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-180",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-04083",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-71248",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04083"
},
{
"db": "VULHUB",
"id": "VHN-71248"
},
{
"db": "BID",
"id": "68351"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003228"
},
{
"db": "NVD",
"id": "CVE-2014-3308"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-180"
}
]
},
"id": "VAR-201407-0372",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04083"
},
{
"db": "VULHUB",
"id": "VHN-71248"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04083"
}
]
},
"last_update_date": "2023-12-18T14:01:57.720000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco IOS XR Software Punt Policer Denial of Service Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3308"
},
{
"title": "34843",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34843"
},
{
"title": "Cisco IOS XR Software Static Punt Policer Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/47170"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04083"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003228"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71248"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003228"
},
{
"db": "NVD",
"id": "CVE-2014-3308"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/68351"
},
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3308"
},
{
"trust": 1.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34843"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030525"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58869"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3308"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3308"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04083"
},
{
"db": "VULHUB",
"id": "VHN-71248"
},
{
"db": "BID",
"id": "68351"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003228"
},
{
"db": "NVD",
"id": "CVE-2014-3308"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-180"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-04083"
},
{
"db": "VULHUB",
"id": "VHN-71248"
},
{
"db": "BID",
"id": "68351"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003228"
},
{
"db": "NVD",
"id": "CVE-2014-3308"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-180"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04083"
},
{
"date": "2014-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-71248"
},
{
"date": "2014-07-03T00:00:00",
"db": "BID",
"id": "68351"
},
{
"date": "2014-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003228"
},
{
"date": "2014-07-07T11:01:30.227000",
"db": "NVD",
"id": "CVE-2014-3308"
},
{
"date": "2014-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-180"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04083"
},
{
"date": "2017-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-71248"
},
{
"date": "2014-07-08T15:17:00",
"db": "BID",
"id": "68351"
},
{
"date": "2014-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003228"
},
{
"date": "2017-01-12T11:42:44.960000",
"db": "NVD",
"id": "CVE-2014-3308"
},
{
"date": "2014-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-180"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-180"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS XR Software Static Punt Policer Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04083"
},
{
"db": "BID",
"id": "68351"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-180"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.