CVE-2014-3357OS Command Injection in Cisco IOS

CWE-78OS Command InjectionCWE-20Improper Input ValidationCWE-3994 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.8%
top 25.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedSep 25
Latest updateMay 17

Description

Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios4 versions+3
NVDcisco/ios_xe6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-wv3m-m5wx-9rqj: Cisco IOS 152022-05-17
CVEList
CVE-2014-3357: Cisco IOS 152014-09-25

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System2014-09-24
CVE-2014-3357 — OS Command Injection in Cisco IOS | cvebase