Details of VAR-201405-0358

ID

VAR-201405-0358

CVE

CVE-2014-3263

TITLE

Cisco IOS of ScanSafe Service disruption in modules (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002526

DESCRIPTION

The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCum97038

Trust: 2.52

sources: NVD: CVE-2014-3263 // JVNDB: JVNDB-2014-002526 // CNVD: CNVD-2014-03004 // BID: 67397 // VULHUB: VHN-71203

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-03004

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.3m	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)m	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3(3)m	Trust: 0.8
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2014-03004 // BID: 67397 // JVNDB: JVNDB-2014-002526 // CNNVD: CNNVD-201405-293 // NVD: CVE-2014-3263

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3263
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3263
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-03004
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201405-293
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71203
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3263
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-03004
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71203
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-03004 // VULHUB: VHN-71203 // JVNDB: JVNDB-2014-002526 // CNNVD: CNNVD-201405-293 // NVD: CVE-2014-3263

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-71203 // JVNDB: JVNDB-2014-002526 // NVD: CVE-2014-3263

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-293

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201405-293

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002526

PATCH

title:	Cisco IOS Software ScanSafe Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3263	Trust: 0.8
title:	34234	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34234	Trust: 0.8
title:	Patch for Cisco IOS Software Remote Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/45600	Trust: 0.6

sources: CNVD: CNVD-2014-03004 // JVNDB: JVNDB-2014-002526

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3263	Trust: 3.4
db:	SECTRACK	id:	1030244	Trust: 1.1
db:	BID	id:	67397	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-002526	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-293	Trust: 0.7
db:	CNVD	id:	CNVD-2014-03004	Trust: 0.6
db:	CISCO	id:	20140514 CISCO IOS SOFTWARE SCANSAFE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-71203	Trust: 0.1

sources: CNVD: CNVD-2014-03004 // VULHUB: VHN-71203 // BID: 67397 // JVNDB: JVNDB-2014-002526 // CNNVD: CNNVD-201405-293 // NVD: CVE-2014-3263

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3263	Trust: 2.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34234	Trust: 1.7
url:	http://www.securitytracker.com/id/1030244	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3263	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3263	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3

sources: CNVD: CNVD-2014-03004 // VULHUB: VHN-71203 // BID: 67397 // JVNDB: JVNDB-2014-002526 // CNNVD: CNNVD-201405-293 // NVD: CVE-2014-3263

CREDITS

Cisco

Trust: 0.3

sources: BID: 67397

SOURCES

db:	CNVD	id:	CNVD-2014-03004
db:	VULHUB	id:	VHN-71203
db:	BID	id:	67397
db:	JVNDB	id:	JVNDB-2014-002526
db:	CNNVD	id:	CNNVD-201405-293
db:	NVD	id:	CVE-2014-3263

LAST UPDATE DATE

2025-04-13T23:18:22.843000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03004	date:	2014-05-16T00:00:00
db:	VULHUB	id:	VHN-71203	date:	2016-09-07T00:00:00
db:	BID	id:	67397	date:	2014-05-16T00:52:00
db:	JVNDB	id:	JVNDB-2014-002526	date:	2014-05-19T00:00:00
db:	CNNVD	id:	CNNVD-201405-293	date:	2014-05-19T00:00:00
db:	NVD	id:	CVE-2014-3263	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-03004	date:	2014-05-16T00:00:00
db:	VULHUB	id:	VHN-71203	date:	2014-05-16T00:00:00
db:	BID	id:	67397	date:	2014-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2014-002526	date:	2014-05-19T00:00:00
db:	CNNVD	id:	CNNVD-201405-293	date:	2014-05-19T00:00:00
db:	NVD	id:	CVE-2014-3263	date:	2014-05-16T11:12:01.103