CVE-2014-3358OS Command Injection in Cisco IOS

CWE-78OS Command InjectionCWE-20Improper Input ValidationCWE-3995 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.8%
top 25.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedSep 25
Latest updateMay 17

Description

Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload) via malformed mDNS packets, aka Bug ID CSCuj58950.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios4 versions+3
NVDcisco/ios_xe6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-v932-7xc2-r47c: Memory leak in Cisco IOS 152022-05-17
CVEList
CVE-2014-3358: Memory leak in Cisco IOS 152014-09-25

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System2014-09-24

💬Community

1
Bugzilla
CVE-2014-9900 kernel: Info leak in uninitialized structure ethtool_wolinfo in ethtool_get_wol()2017-08-14
CVE-2014-3358 — OS Command Injection in Cisco IOS | cvebase