CVE-2014-3290 — Cisco IOS XE vulnerability

CWE-2647 documents7 sources

Severity

4.8MEDIUMNVD

EPSS

0.6%

top 31.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Cisco IOS XE

Timeline

PublishedJun 14

Latest updateJan 13

Description

The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response, aka Bug ID CSCun64867.

CVSS vector

AV:A/AC:L/C:P/I:P/A:NExploitability: 6.5 | Impact: 4.9

Affected Packages2 packages

▶NVDcisco/ios_xe3.12s

▶Linuxlinux/linux_kernel5.6.0 — 6.1.160+3

🔴Vulnerability Details

OSV

f2fs: fix to avoid updating compression context during writeback↗2026-01-13

▶

GHSA

GHSA-px85-wqgv-cw85: The mDNS implementation in Cisco IOS XE 3↗2022-05-17

▶

CVEList

CVE-2014-3290: The mDNS implementation in Cisco IOS XE 3↗2014-06-14

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Software Autonomic Networking Infrastructure Overwrite Vulnerability↗2014-06-13

▶