CVE-2014-3396
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133.
Cisco IOS XR en los dispositivos ASR 9000 no utiliza debidamente la compresión para la codificación de los rangos de puertos y los rangos de direcciones, lo que permite a atacantes remotos evadir las restricciones ACL de la tarjeta de línea Typhoon a través de trafico de transito, también conocido como Bug ID CSCup30133.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-05-07 CVE Reserved
- 2014-10-05 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396 | 2014-10-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9000 Rsp440 Router Search vendor "Cisco" for product "Asr 9000 Rsp440 Router" | - | - |
Affected
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9001 Search vendor "Cisco" for product "Asr 9001" | - | - |
Affected
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9006 Search vendor "Cisco" for product "Asr 9006" | - | - |
Affected
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9010 Search vendor "Cisco" for product "Asr 9010" | - | - |
Affected
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9904 Search vendor "Cisco" for product "Asr 9904" | - | - |
Affected
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9912 Search vendor "Cisco" for product "Asr 9912" | - | - |
Affected
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9922 Search vendor "Cisco" for product "Asr 9922" | - | - |
Affected
|