| Vulnerability Name: | CVE-2014-3347 (CCN-95558) | ||||||||
| Assigned: | 2014-08-27 | ||||||||
| Published: | 2014-08-27 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
| ||||||||
| CVSS v2 Severity: | 5.4 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C) 4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-399 | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-3347 Source: CCN Type: Cisco Security Notice Cisco 1800 Series ISDN Basic Rate Interface Denial of Service Source: CISCO Type: Vendor Advisory 20140827 Cisco 1800 Series ISR ISDN Basic Rate Interface Denial of Service Vulnerability Source: CONFIRM Type: Vendor Advisory http://tools.cisco.com/security/center/viewAlert.x?alertId=35453 Source: BID Type: UNKNOWN 69439 Source: CCN Type: BID-69439 Cisco 1800 Series CVE-2014-3347 Denial of Service Vulnerability Source: SECTRACK Type: UNKNOWN 1030772 Source: XF Type: UNKNOWN cisco-isr-cve20143347-dos(95558) Source: XF Type: UNKNOWN cisco-isr-cve20143347-dos(95558) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||