CVE-2014-3322Improper Input Validation in Cisco IOS XR

CWE-20Improper Input ValidationCWE-3994 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.6%
top 29.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR
Timeline
PublishedJul 24
Latest updateMay 17

Description

Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios_xr4.3.2+2

🔴Vulnerability Details

2
GHSA
GHSA-qjvm-m4mm-3r2j: Cisco IOS XR 42022-05-17
CVEList
CVE-2014-3322: Cisco IOS XR 42014-07-24

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability2014-07-23
CVE-2014-3322 — Improper Input Validation in Cisco | cvebase