Sign-up

ID

VAR-201409-0398


CVE

CVE-2014-3348


TITLE

Cisco Unified Computing System E Series blade server Integrated Management Controller of SSH Service disruption in modules (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004131

DESCRIPTION

The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206. Cisco Unified Computing System E-Series are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the affected device to become unresponsive, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuo69206

Trust: 1.98

sources: NVD: CVE-2014-3348 // JVNDB: JVNDB-2014-004131 // BID: 69652 // VULHUB: VHN-71288

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system e160dscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:unified computing system en120s m2scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:unified computing system e140dscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:integrated management controllerscope:lteversion:2.2.2

Trust: 1.0

vendor:ciscomodel:unified computing system e160dpscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:unified computing system e140dpscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:unified computing system e140s m1scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:unified computing system e140s m2scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:integrated management controllerscope:ltversion:2.3.1

Trust: 0.8

vendor:ciscomodel:ucs e140dscope: - version: -

Trust: 0.8

vendor:ciscomodel:ucs e140dpscope: - version: -

Trust: 0.8

vendor:ciscomodel:ucs e140s m1scope: - version: -

Trust: 0.8

vendor:ciscomodel:ucs e140s m2scope: - version: -

Trust: 0.8

vendor:ciscomodel:ucs e160dscope: - version: -

Trust: 0.8

vendor:ciscomodel:ucs e160dpscope: - version: -

Trust: 0.8

vendor:ciscomodel:ucs en120s m2scope: - version: -

Trust: 0.8

vendor:ciscomodel:integrated management controllerscope:eqversion:2.2.2

Trust: 0.6

vendor:ciscomodel:unified computing system e-series softwarescope:eqversion:2.2.2

Trust: 0.3

vendor:ciscomodel:unified computing system e-series softwarescope:eqversion:2.1

Trust: 0.3

vendor:ciscomodel:unified computing system e-series softwarescope:eqversion:1.0.2

Trust: 0.3

vendor:ciscomodel:unified computing system e-series softwarescope:eqversion:1.0.1

Trust: 0.3

sources: BID: 69652 // JVNDB: JVNDB-2014-004131 // CNNVD: CNNVD-201409-448 // NVD: CVE-2014-3348

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3348
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3348
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201409-448
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71288
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3348
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71288
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71288 // JVNDB: JVNDB-2014-004131 // CNNVD: CNNVD-201409-448 // NVD: CVE-2014-3348

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-119

Trust: 0.8

sources: VULHUB: VHN-71288 // JVNDB: JVNDB-2014-004131 // NVD: CVE-2014-3348

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-448

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201409-448

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004131

PATCH
title:cisco-sa-20140908-ucseurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse
Trust: 0.8
title:Cisco Integrated Management Controller SSH Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3348
Trust: 0.8
title:35588url:http://tools.cisco.com/security/center/viewAlert.x?alertId=35588
Trust: 0.8
title:35308url:http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=35308
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-004131

EXTERNAL IDS
db:NVDid:CVE-2014-3348
Trust: 2.8
db:BIDid:69652
Trust: 1.4
db:SECTRACKid:1030813
Trust: 1.1
db:JVNDBid:JVNDB-2014-004131
Trust: 0.8
db:CNNVDid:CNNVD-201409-448
Trust: 0.7
db:VULHUBid:VHN-71288
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71288 // 
            
            
            
            BID: 69652 // 
            
            
            
            JVNDB: JVNDB-2014-004131 // 
            
            
            
            CNNVD: CNNVD-201409-448 // 
            
            
            
            NVD: CVE-2014-3348

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3348
Trust: 2.0
url:http://tools.cisco.com/security/center/viewalert.x?alertid=35588
Trust: 2.0
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140908-ucse
Trust: 1.7
url:http://www.securityfocus.com/bid/69652
Trust: 1.1
url:http://www.securitytracker.com/id/1030813
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95782
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3348
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3348
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71288 // 
            
            
            
            BID: 69652 // 
            
            
            
            JVNDB: JVNDB-2014-004131 // 
            
            
            
            CNNVD: CNNVD-201409-448 // 
            
            
            
            NVD: CVE-2014-3348

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 69652

SOURCES
db:VULHUBid:VHN-71288
db:BIDid:69652
db:JVNDBid:JVNDB-2014-004131
db:CNNVDid:CNNVD-201409-448
db:NVDid:CVE-2014-3348

LAST UPDATE DATE
2025-04-13T23:25:22.906000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71288date:2017-08-29T00:00:00
db:BIDid:69652date:2014-09-05T00:00:00
db:JVNDBid:JVNDB-2014-004131date:2014-11-10T00:00:00
db:CNNVDid:CNNVD-201409-448date:2014-09-12T00:00:00
db:NVDid:CVE-2014-3348date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-71288date:2014-09-10T00:00:00
db:BIDid:69652date:2014-09-05T00:00:00
db:JVNDBid:JVNDB-2014-004131date:2014-09-11T00:00:00
db:CNNVDid:CNNVD-201409-448date:2014-09-12T00:00:00
db:NVDid:CVE-2014-3348date:2014-09-10T10:55:07.880