CVE-2014-3347

Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897.

CVSS v2.0 5.4 MEDIUM

5.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:N/I:N/A:C

Exploitability : 4.9 / Impact : 6.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3347	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=35453	Vendor Advisory
http://www.securitytracker.com/id/1030772
http://www.securityfocus.com/bid/69439
https://exchange.xforce.ibmcloud.com/vulnerabilities/95558

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:ios:15.1\(4\)m2:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1802_integrated_service_router:-:::::::*
	cpe:2.3:h:cisco:1803_integrated_service_router:-:::::::*
	cpe:2.3:h:cisco:1801_integrated_service_router:-:::::::*
	cpe:2.3:h:cisco:1811_integrated_service_router:-:::::::*
	cpe:2.3:h:cisco:1812_integrated_service_router:-:::::::*
	cpe:2.3:h:cisco:1841_integrated_service_router:-:::::::*
	cpe:2.3:h:cisco:1861_integrated_service_router:-:::::::*

Information

Published : 2014-08-28 16:55

Updated : 2017-08-28 18:34

NVD link : CVE-2014-3347

Mitre link : CVE-2014-3347

JSON object : View

CWE

CWE-399

Resource Management Errors

Advertisement

Products Affected

cisco

1802_integrated_service_router
1861_integrated_service_router
1811_integrated_service_router
1803_integrated_service_router
1801_integrated_service_router
1812_integrated_service_router
1841_integrated_service_router
ios

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3347", "name": "20140827 Cisco 1800 Series ISR ISDN Basic Rate Interface Denial of Service Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35453", "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35453", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id/1030772", "name": "1030772", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/69439", "name": "69439", "tags": [], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95558", "name": "cisco-isr-cve20143347-dos(95558)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-3347", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-08-28T23:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:ios:15.1\\(4\\)m2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:1802_integrated_service_router:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:1803_integrated_service_router:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:1801_integrated_service_router:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:1811_integrated_service_router:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:1812_integrated_service_router:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:1841_integrated_service_router:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:1861_integrated_service_router:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:34Z"}