CVE-2014-3347

Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897.

CVSS v2.0 5.4 MEDIUM

5.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:N/I:N/A:C

Exploitability : 4.9 / Impact : 6.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3347	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=35453	Vendor Advisory
http://www.securityfocus.com/bid/69439
http://www.securitytracker.com/id/1030772
https://exchange.xforce.ibmcloud.com/vulnerabilities/95558

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:ios:15.1\(4\)m2:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1801_integrated_service_router:-:::::::*
	cpe:2.3:h:cisco:1802_integrated_service_router:-:::::::*
	cpe:2.3:h:cisco:1803_integrated_service_router:-:::::::*
	cpe:2.3:h:cisco:1811_integrated_service_router:-:::::::*
	cpe:2.3:h:cisco:1812_integrated_service_router:-:::::::*
	cpe:2.3:h:cisco:1841_integrated_service_router:-:::::::*
	cpe:2.3:h:cisco:1861_integrated_service_router:-:::::::*

History

No history.

Information

Published : 2014-08-28 23:55

Updated : 2024-02-28 12:20

NVD link : CVE-2014-3347

Mitre link : CVE-2014-3347

CVE.ORG link : CVE-2014-3347

JSON object : View

Products Affected

cisco

1801_integrated_service_router
1812_integrated_service_router
1811_integrated_service_router
1841_integrated_service_router
1803_integrated_service_router
ios
1861_integrated_service_router
1802_integrated_service_router

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2014-3347", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-28T23:55:05.513", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3347", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35453", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/69439", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1030772", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95558", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897."}, {"lang": "es", "value": "Cisco IOS 15.1(4)M2 en los dispositivos Cisco 1800 ISR, cuando la interfaz ISDN Basic Rate est\u00e1 habilitada, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue del dispositivo) mediante el aprovechamiento del conocimiento del n\u00famero de tel\u00e9fono ISDN para provocar una colisi\u00f3n de interrumpir el temporizador durante la colecci\u00f3n de entrop\u00eda, que lleva a un estado inv\u00e1lido del m\u00f3dulo de la codificaci\u00f3n de hardware, tambi\u00e9n conocido como Bug ID CSCul77897."}], "lastModified": "2017-08-29T01:34:43.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:15.1\\(4\\)m2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6777AC09-8BA9-4595-89C2-1EAD0310B78B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:1801_integrated_service_router:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D5E48D7-2266-4649-90A9-62C476AFE6DE"}, {"criteria": "cpe:2.3:h:cisco:1802_integrated_service_router:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99581637-E184-4A02-8313-57C7C31E5479"}, {"criteria": "cpe:2.3:h:cisco:1803_integrated_service_router:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C6D4A90-31B9-4B6C-ADAC-44C49DB44115"}, {"criteria": "cpe:2.3:h:cisco:1811_integrated_service_router:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3AF3F75-0BD8-4AA6-B696-3624BEE86681"}, {"criteria": "cpe:2.3:h:cisco:1812_integrated_service_router:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C58CEA6-69F8-4021-98C9-4676C70AB167"}, {"criteria": "cpe:2.3:h:cisco:1841_integrated_service_router:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF156D97-7C39-49CF-9938-D9681066FF05"}, {"criteria": "cpe:2.3:h:cisco:1861_integrated_service_router:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "459FEB4E-54E3-4FE5-82A5-6E4ECE855DD6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}