CVE-2014-3402

CWE-287 — Improper Authentication4 documents4 sources

Severity

5.0MEDIUM

EPSS

0.5%

top 35.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Intrusion Prevention System

Timeline

PublishedOct 10

Latest updateMay 17

Description

The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens, which allows remote attackers to cause a denial of service (temporary MainApp hang) via a crafted connection request to the management interface, aka Bug ID CSCuq39550.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/intrusion_prevention_system7.0\(8\)e4+9

🔴Vulnerability Details

GHSA

GHSA-mxxp-82c5-w5g9: The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7↗2022-05-17

▶

CVEList

CVE-2014-3402: The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7↗2014-10-10

▶

📋Vendor Advisories

Cisco

Cisco Intrusion Prevention System MainApp Denial of Service Vulnerability↗2014-10-09

▶