CVE-2014-3321Improper Input Validation in Cisco IOS XR

CWE-20Improper Input Validation5 documents5 sources
Severity
5.7MEDIUMNVD
EPSS
0.4%
top 36.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR
Timeline
PublishedJul 18
Latest updateMay 17

Description

Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149.

CVSS vector

AV:A/AC:M/C:N/I:N/A:CExploitability: 5.5 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios_xr4.3.4+3

🔴Vulnerability Details

2
GHSA
GHSA-w963-wfhc-pqh3: Cisco IOS XR 42022-05-17
CVEList
CVE-2014-3321: Cisco IOS XR 42014-07-18

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software MPLS Packet Denial of Service Vulnerability2014-07-15
CVE-2014-3321 — Improper Input Validation in Cisco | cvebase