CVE-2014-3409Cisco IOS vulnerability

CWE-3993 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
1.1%
top 22.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedOct 25
Latest updateMay 17

Description

The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios12.2\(33\)sre9a
NVDcisco/ios_xe3.13s

🔴Vulnerability Details

2
GHSA
GHSA-r34f-j2xr-9cv9: The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 122022-05-17
CVEList
CVE-2014-3409: The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 122014-10-25
CVE-2014-3409 — Cisco IOS vulnerability | cvebase