CVE-2014-3331: Input Validation
First published: Wed Aug 20 2014(Updated: )
The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a crafted TCP packet, aka Bug ID CSCuo21914.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco ASR 5000 Series Aggregation Services Routers | =11.0 | |
| Cisco ASR 5000 Series Aggregation Services Routers | =12.0 | |
| Cisco ASR 5000 Series Aggregation Services Routers | =12.1 | |
| Cisco ASR 5000 Series Aggregation Services Routers | =12.2 | |
| Cisco ASR 5000 Series Aggregation Services Routers | =14.0 | |
| Cisco ASR 5000 Series Aggregation Services Routers | =15.0 | |
| Cisco ASR 5000 Series Aggregation Services Routers | =16.1.0 | |
| Cisco ASR 5000 Series Aggregation Services Routers | =16.1.1 | |
| Cisco ASR 5000 Series Aggregation Services Routers | =16.1.2 | |
| Cisco ASR 5000 Series Aggregation Services Routers | =17.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/60706
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3331
- http://tools.cisco.com/security/center/viewAlert.x?alertId=35346
- http://www.securityfocus.com/bid/69281
- http://www.securitytracker.com/id/1030747
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95357
Frequently Asked Questions
What is the severity of CVE-2014-3331?
CVE-2014-3331 has been classified as a moderate severity vulnerability due to its potential to cause denial of service.
How do I fix CVE-2014-3331?
To mitigate CVE-2014-3331, it's recommended to update the Cisco ASR 5000 Series Software to a patched version.
What systems are affected by CVE-2014-3331?
CVE-2014-3331 affects Cisco ASR 5000 Series Software versions 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, and 16.x up to 16.1.2, and 17.0.
What type of attack does CVE-2014-3331 allow?
CVE-2014-3331 allows remote attackers to trigger a denial of service by sending crafted TCP packets.
Is CVE-2014-3331 still exploitable?
The exploitability of CVE-2014-3331 depends on the deployment of vulnerable versions in production environments without patches applied.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco asr 5000 series aggregation services routers
- version/cisco asr 5000 series aggregation services routers/11.0
- version/cisco asr 5000 series aggregation services routers/12.0
- version/cisco asr 5000 series aggregation services routers/12.1
- version/cisco asr 5000 series aggregation services routers/12.2
- version/cisco asr 5000 series aggregation services routers/14.0
- version/cisco asr 5000 series aggregation services routers/15.0
- version/cisco asr 5000 series aggregation services routers/16.1.0
- version/cisco asr 5000 series aggregation services routers/16.1.1
- version/cisco asr 5000 series aggregation services routers/16.1.2
- version/cisco asr 5000 series aggregation services routers/17.0.0