CVE-2014-3262 — Improper Input Validation in Cisco IOS

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 29.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedMay 16

Latest updateMay 17

Description

The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/ios15.3\(3\)s+3

🔴Vulnerability Details

GHSA

GHSA-mf7q-r36h-f2c2: The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15↗2022-05-17

▶

CVEList

CVE-2014-3262: The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15↗2014-05-16

▶

📋Vendor Advisories

Cisco

Cisco IOS Software and IOS XE Software LISP Denial of Service Vulnerability↗2014-05-14

▶