Details of VAR-201409-0403

ID

VAR-201409-0403

CVE

CVE-2014-3380

TITLE

Cisco Unified Communications Domain Manager Platform Software Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004394

DESCRIPTION

Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending crafted TCP packets quickly, aka Bug ID CSCuo42063. A remote attacker may exploit this issue to trigger denial-of-service condition due to excessive CPU utilization. This issue is being tracked by Cisco Bug ID CSCuo42063. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 1.98

sources: NVD: CVE-2014-3380 // JVNDB: JVNDB-2014-004394 // BID: 70044 // VULHUB: VHN-71320

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications domain manager platform	scope:	eq	version:	4.4\(.3\)	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager platform software	scope:	lte	version:	4.4(.3)	Trust: 0.8
vendor:	cisco	model:	unified communications domain manager platform	scope:	eq	version:	4.4.3	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager platform	scope:	eq	version:	4.4.2	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager platform	scope:	eq	version:	4.4.1	Trust: 0.3

sources: BID: 70044 // JVNDB: JVNDB-2014-004394 // CNNVD: CNNVD-201409-892 // NVD: CVE-2014-3380

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3380
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3380
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201409-892
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71320
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3380
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71320
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71320 // JVNDB: JVNDB-2014-004394 // CNNVD: CNNVD-201409-892 // NVD: CVE-2014-3380

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-71320 // JVNDB: JVNDB-2014-004394 // NVD: CVE-2014-3380

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-892

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201409-892

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004394

PATCH

title:	Cisco Unified Communications Domain Manager High CPU Utilization Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3380	Trust: 0.8
title:	35803	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35803	Trust: 0.8

sources: JVNDB: JVNDB-2014-004394

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3380	Trust: 2.8
db:	BID	id:	70044	Trust: 1.4
db:	SECTRACK	id:	1030885	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004394	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-892	Trust: 0.7
db:	VULHUB	id:	VHN-71320	Trust: 0.1

sources: VULHUB: VHN-71320 // BID: 70044 // JVNDB: JVNDB-2014-004394 // CNNVD: CNNVD-201409-892 // NVD: CVE-2014-3380

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3380	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35803	Trust: 2.0
url:	http://www.securityfocus.com/bid/70044	Trust: 1.1
url:	http://www.securitytracker.com/id/1030885	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/96146	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3380	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3380	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-71320 // BID: 70044 // JVNDB: JVNDB-2014-004394 // CNNVD: CNNVD-201409-892 // NVD: CVE-2014-3380

CREDITS

Cisco

Trust: 0.3

sources: BID: 70044

SOURCES

db:	VULHUB	id:	VHN-71320
db:	BID	id:	70044
db:	JVNDB	id:	JVNDB-2014-004394
db:	CNNVD	id:	CNNVD-201409-892
db:	NVD	id:	CVE-2014-3380

LAST UPDATE DATE

2025-04-13T23:36:34.729000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71320	date:	2017-08-29T00:00:00
db:	BID	id:	70044	date:	2015-04-13T21:03:00
db:	JVNDB	id:	JVNDB-2014-004394	date:	2014-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201409-892	date:	2014-09-24T00:00:00
db:	NVD	id:	CVE-2014-3380	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71320	date:	2014-09-24T00:00:00
db:	BID	id:	70044	date:	2014-09-22T00:00:00
db:	JVNDB	id:	JVNDB-2014-004394	date:	2014-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201409-892	date:	2014-09-24T00:00:00
db:	NVD	id:	CVE-2014-3380	date:	2014-09-24T00:55:02.870