Sign-up

ID

VAR-201410-0991


CVE

CVE-2014-3293


TITLE

ASR901 Runs on device Cisco IOS Denial of service in Japan (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-005113

DESCRIPTION

Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet processing, which allows remote attackers to cause a denial of service (BGP neighbor flapping) by sending many crafted IPv4 packets, aka Bug ID CSCuo29736. The Cisco ASR 901 Series Routers are router devices issued by Cisco. A denial of service vulnerability exists in the Cisco ASR 901 Series Routers that could allow an attacker to reload an affected device and deny service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuo29736

Trust: 2.52

sources: NVD: CVE-2014-3293 // JVNDB: JVNDB-2014-005113 // CNVD: CNVD-2014-07536 // BID: 70744 // VULHUB: VHN-71233

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-07536

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)s0b

Trust: 1.6

vendor:ciscomodel:asr901scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:asr 901 routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:15.4(3)s0b

Trust: 0.8

vendor:ciscomodel:asr series routersscope:eqversion:901

Trust: 0.6

sources: CNVD: CNVD-2014-07536 // JVNDB: JVNDB-2014-005113 // CNNVD: CNNVD-201410-1349 // NVD: CVE-2014-3293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3293
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3293
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-07536
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201410-1349
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71233
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3293
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-07536
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71233
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-07536 // VULHUB: VHN-71233 // JVNDB: JVNDB-2014-005113 // CNNVD: CNNVD-201410-1349 // NVD: CVE-2014-3293

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-71233 // JVNDB: JVNDB-2014-005113 // NVD: CVE-2014-3293

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-1349

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201410-1349

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-005113

PATCH
title:Cisco ASR901 Crafted IPv4 Packet Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3293
Trust: 0.8
title:36195url:http://tools.cisco.com/security/center/viewAlert.x?alertId=36195
Trust: 0.8
title:Patch for Cisco ASR 901 Series Routers Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/51386
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-07536 // 
            
            
            
            JVNDB: JVNDB-2014-005113

EXTERNAL IDS
db:NVDid:CVE-2014-3293
Trust: 3.4
db:BIDid:70744
Trust: 2.6
db:SECTRACKid:1031122
Trust: 1.1
db:SECUNIAid:61830
Trust: 1.1
db:JVNDBid:JVNDB-2014-005113
Trust: 0.8
db:CNNVDid:CNNVD-201410-1349
Trust: 0.7
db:CNVDid:CNVD-2014-07536
Trust: 0.6
db:VULHUBid:VHN-71233
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-07536 // 
            
            
            
            VULHUB: VHN-71233 // 
            
            
            
            BID: 70744 // 
            
            
            
            JVNDB: JVNDB-2014-005113 // 
            
            
            
            CNNVD: CNNVD-201410-1349 // 
            
            
            
            NVD: CVE-2014-3293

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3293
Trust: 2.3
url:http://www.securityfocus.com/bid/70744
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=36195
Trust: 1.7
url:http://www.securitytracker.com/id/1031122
Trust: 1.1
url:http://secunia.com/advisories/61830
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/97769
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3293
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3293
Trust: 0.8
url:http://www.securityfocus.com/bid/70744/info
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-07536 // 
            
            
            
            VULHUB: VHN-71233 // 
            
            
            
            BID: 70744 // 
            
            
            
            JVNDB: JVNDB-2014-005113 // 
            
            
            
            CNNVD: CNNVD-201410-1349 // 
            
            
            
            NVD: CVE-2014-3293

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 70744 // 
            
            
            
            CNNVD: CNNVD-201410-1349

SOURCES
db:CNVDid:CNVD-2014-07536
db:VULHUBid:VHN-71233
db:BIDid:70744
db:JVNDBid:JVNDB-2014-005113
db:CNNVDid:CNNVD-201410-1349
db:NVDid:CVE-2014-3293

LAST UPDATE DATE
2025-04-13T23:41:27.494000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-07536date:2014-10-29T00:00:00
db:VULHUBid:VHN-71233date:2017-08-29T00:00:00
db:BIDid:70744date:2014-10-27T00:00:00
db:JVNDBid:JVNDB-2014-005113date:2014-10-30T00:00:00
db:CNNVDid:CNNVD-201410-1349date:2014-10-29T00:00:00
db:NVDid:CVE-2014-3293date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-07536date:2014-10-29T00:00:00
db:VULHUBid:VHN-71233date:2014-10-28T00:00:00
db:BIDid:70744date:2014-10-27T00:00:00
db:JVNDBid:JVNDB-2014-005113date:2014-10-30T00:00:00
db:CNNVDid:CNNVD-201410-1349date:2014-10-29T00:00:00
db:NVDid:CVE-2014-3293date:2014-10-28T19:55:02.653