CVE-2014-3376 — Improper Input Validation in Cisco IOS XR

CWE-20 — Improper Input Validation4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
1.2%
top 21.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR
Timeline
PublishedSep 20
Latest updateMay 17

Description

Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

â–¶NVDcisco/ios_xr55 versions+54

🔴Vulnerability Details

2
GHSA
GHSA-97jw-c963-w933: Cisco IOS XR 5↗2022-05-17
â–¶
CVEList
CVE-2014-3376: Cisco IOS XR 5↗2014-09-20
â–¶

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability↗2014-09-19
â–¶
CVE-2014-3376 — Improper Input Validation in Cisco | cvebase