CVE-2014-3335Improper Input Validation in Cisco IOS XR

CWE-20Improper Input ValidationCWE-3995 documents5 sources
Severity
4.6MEDIUMNVD
EPSS
0.5%
top 32.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR
Timeline
PublishedAug 26
Latest updateMay 17

Description

Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750.

CVSS vector

AV:A/AC:H/C:N/I:N/A:CExploitability: 3.2 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios_xr4.3.2+2

🔴Vulnerability Details

3
GHSA
GHSA-5cw5-jwpw-v565: Cisco IOS XR 42022-05-17
OSV
linux vulnerabilities2017-06-29
CVEList
CVE-2014-3335: Cisco IOS XR 42014-08-26

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability2014-08-25
CVE-2014-3335 — Improper Input Validation in Cisco | cvebase