What is the severity of CVE-2014-3347?

CVE-2014-3347 has a high severity rating as it can lead to a denial of service for affected Cisco IOS devices.

How do I fix CVE-2014-3347?

To mitigate CVE-2014-3347, upgrade to a version of Cisco IOS that is not affected by this vulnerability.

Which devices are affected by CVE-2014-3347?

CVE-2014-3347 affects Cisco 1800 ISR devices running IOS version 15.1(4)M2 with ISDN Basic Rate Interface enabled.

Can CVE-2014-3347 be exploited remotely?

Yes, CVE-2014-3347 can be exploited remotely by attackers who know the ISDN phone number.

What is the risk of not addressing CVE-2014-3347?

Failing to address CVE-2014-3347 may result in device hangs, leading to service interruptions and potential downtime.

Vulnerability/
CVE-2014-3347

medium

5.4

CWE

399

28/8/2014

6/8/2024

CVE-2014-3347

First published: Thu Aug 28 2014(Updated: )

Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Puppet Cisco IOS	=15.1\(4\)m2
Cisco 1801 Integrated Service Router
Cisco 1802 Integrated Service Router
Cisco 1803 Integrated Service Router
Cisco 1811 Integrated Service Router
Cisco 1812 Integrated Service Router
Cisco 1841 Integrated Service Router
Cisco 1861 Integrated Service Router

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-3347?
CVE-2014-3347 has a high severity rating as it can lead to a denial of service for affected Cisco IOS devices.
How do I fix CVE-2014-3347?
To mitigate CVE-2014-3347, upgrade to a version of Cisco IOS that is not affected by this vulnerability.
Which devices are affected by CVE-2014-3347?
CVE-2014-3347 affects Cisco 1800 ISR devices running IOS version 15.1(4)M2 with ISDN Basic Rate Interface enabled.
Can CVE-2014-3347 be exploited remotely?
Yes, CVE-2014-3347 can be exploited remotely by attackers who know the ISDN phone number.
What is the risk of not addressing CVE-2014-3347?
Failing to address CVE-2014-3347 may result in device hangs, leading to service interruptions and potential downtime.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/references
agent/author
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco ios
version/cisco ios/15.1\(4\)m2
canonical/cisco 1801 integrated service router
canonical/cisco 1802 integrated service router
canonical/cisco 1803 integrated service router
canonical/cisco 1811 integrated service router
canonical/cisco 1812 integrated service router
canonical/cisco 1841 integrated service router
canonical/cisco 1861 integrated service router

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.