Details of VAR-201410-1002

ID

VAR-201410-1002

CVE

CVE-2014-3383

TITLE

Cisco ASA Software VPN Component IKE Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004657

DESCRIPTION

The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176. Cisco Adaptive Security Appliance (ASA) Software is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCul36176. Cisco ASA is a set of firewall equipment of Cisco (Cisco). The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability stems from the fact that the program does not process UDP packets correctly

Trust: 1.98

sources: NVD: CVE-2014-3383 // JVNDB: JVNDB-2014-004657 // BID: 70302 // VULHUB: VHN-71323

AFFECTED PRODUCTS

vendor:	cisco	model:	asa	scope:	eq	version:	9.1.5	Trust: 1.6
vendor:	cisco	model:	asa	scope:	eq	version:	9.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.1	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(5.1)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	(asa)	Trust: 0.8

sources: JVNDB: JVNDB-2014-004657 // CNNVD: CNNVD-201410-206 // NVD: CVE-2014-3383

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3383
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3383
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201410-206
value:	HIGH
Trust: 0.6
VULHUB:	VHN-71323
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3383
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71323
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71323 // JVNDB: JVNDB-2014-004657 // CNNVD: CNNVD-201410-206 // NVD: CVE-2014-3383

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-71323 // JVNDB: JVNDB-2014-004657 // NVD: CVE-2014-3383

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-206

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201410-206

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004657

PATCH

title:	cisco-sa-20141008-asa	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa	Trust: 0.8
title:	35906	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35906	Trust: 0.8
title:	cisco-sa-20141008-asa	url:	http://www.cisco.com/cisco/web/support/JP/112/1126/1126286_cisco-sa-20141008-asa-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-004657

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3383	Trust: 2.8
db:	BID	id:	70302	Trust: 1.4
db:	JVNDB	id:	JVNDB-2014-004657	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-206	Trust: 0.7
db:	VULHUB	id:	VHN-71323	Trust: 0.1

sources: VULHUB: VHN-71323 // BID: 70302 // JVNDB: JVNDB-2014-004657 // CNNVD: CNNVD-201410-206 // NVD: CVE-2014-3383

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141008-asa	Trust: 1.7
url:	http://www.securityfocus.com/bid/70302	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3383	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3383	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-71323 // BID: 70302 // JVNDB: JVNDB-2014-004657 // CNNVD: CNNVD-201410-206 // NVD: CVE-2014-3383

CREDITS

Cisco

Trust: 0.3

sources: BID: 70302

SOURCES

db:	VULHUB	id:	VHN-71323
db:	BID	id:	70302
db:	JVNDB	id:	JVNDB-2014-004657
db:	CNNVD	id:	CNNVD-201410-206
db:	NVD	id:	CVE-2014-3383

LAST UPDATE DATE

2025-04-13T23:21:24.768000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71323	date:	2016-11-28T00:00:00
db:	BID	id:	70302	date:	2015-07-15T00:03:00
db:	JVNDB	id:	JVNDB-2014-004657	date:	2014-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201410-206	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-3383	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71323	date:	2014-10-10T00:00:00
db:	BID	id:	70302	date:	2014-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2014-004657	date:	2014-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201410-206	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-3383	date:	2014-10-10T10:55:06.197