CVE-2014-3358

Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload) via malformed mDNS packets, aka Bug ID CSCuj58950.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns/cvrf/cisco-sa-20140924-mdns_cvrf.xml
http://www.securityfocus.com/bid/70139
http://www.securitytracker.com/id/1030898
https://exchange.xforce.ibmcloud.com/vulnerabilities/96183

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios:15.0:::::::*
	cpe:2.3:o:cisco:ios:15.1:::::::*
	cpe:2.3:o:cisco:ios:15.2:::::::*
	cpe:2.3:o:cisco:ios:15.4:::::::*
	cpe:2.3:o:cisco:ios_xe:3.3\(.0\)xo:::::::*
	cpe:2.3:o:cisco:ios_xe:3.3.0se:::::::*
	cpe:2.3:o:cisco:ios_xe:3.3.1se:::::::*
	cpe:2.3:o:cisco:ios_xe:3.5.0e:::::::*
	cpe:2.3:o:cisco:ios_xe:3.5.1e:::::::*
	cpe:2.3:o:cisco:ios_xe:3.11.0s:::::::*

History

No history.

Information

Published : 2014-09-25 10:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-3358

Mitre link : CVE-2014-3358

CVE.ORG link : CVE-2014-3358

JSON object : View

Products Affected

cisco

ios
ios_xe

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2014-3358", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-09-25T10:55:08.590", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns/cvrf/cisco-sa-20140924-mdns_cvrf.xml", "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/70139", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1030898", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96183", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload) via malformed mDNS packets, aka Bug ID CSCuj58950."}, {"lang": "es", "value": "Fuga de informaci\u00f3n en Cisco IOS 15.0, 15.1, 15.2, y 15.4 y IOS XE 3.3.xSE anterior a 3.3.2SE, 3.3.xXO anterior a 3.3.1XO, 3.5.xE anterior a 3.5.2E, y 3.11.xS anterior a 3.11.1S permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria o recarga de dispositivo) a trav\u00e9s de paquetes mDNS malformados, tambi\u00e9n conocido como Bug ID CSCuj58950."}], "lastModified": "2017-08-29T01:34:44.013", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF87CC9A-1AF5-4DB4-ACE5-DB938D3B2F84"}, {"criteria": "cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB41294E-F3DF-4F1E-A4C8-E90B21A88836"}, {"criteria": "cpe:2.3:o:cisco:ios:15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2AB6A02-B7C7-48D1-8857-BD1CDF9A40D8"}, {"criteria": "cpe:2.3:o:cisco:ios:15.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D549F66-13E6-4AB0-972D-6F7FE6DB82DB"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.3\\(.0\\)xo:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B24D4850-4857-4608-8F37-063B05ED18CD"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.3.0se:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEC52EC4-6658-40AB-A357-F9B538F21ED2"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.3.1se:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63B34E77-D0BD-4501-A125-CDBE9A47031F"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.5.0e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C14EB390-BA15-45C9-B971-D66CD98B0EDC"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.5.1e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "748C5458-8F16-4DA4-8BDE-D00BF42DC8C0"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.11.0s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DAC081C-9A22-4CBC-A9D0-DD9995801791"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}