CVE-2014-3356 ā€” Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS XE

CWE-119 ā€” Improper Restriction of Operations within the Bounds of a Memory BufferCWE-3995 documents5 sources
Severity
7.8HIGHNVD
EPSS
1.9%
top 16.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedSep 25
Latest updateMay 17

Description

The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCue22753.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

ā–¶NVDcisco/ios_xe17 versions+16

šŸ”“Vulnerability Details

2
GHSA
GHSA-58r9-hhg2-63wm: The metadata flow feature in Cisco IOS 15ā†—2022-05-17
ā–¶
CVEList
CVE-2014-3356: The metadata flow feature in Cisco IOS 15ā†—2014-09-25
ā–¶

šŸ“‹Vendor Advisories

2
CISA ICS
Rockwell Automation Stratix 5900ā†—2017-05-10
ā–¶
Cisco
Cisco IOS Software Metadata Vulnerabilitiesā†—2014-09-24
ā–¶
CVE-2014-3356 ā€” Cisco IOS XE vulnerability | cvebase