Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-20140924-METADATA
HistorySep 24, 2014 - 4:00 p.m.

Cisco IOS Software Metadata Vulnerabilities

2014-09-2416:00:00
tools.cisco.com
15

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.012 Low

EPSS

Percentile

84.9%

JSON

Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker to reload a vulnerable device.

The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata infrastructure. An attacker could exploit these vulnerabilities by sending malformed RSVP packets to an affected device. A successful exploit could allow the attacker to cause an extended denial of service (DoS) condition.

Cisco has released software updates that address these vulnerabilities.

Workarounds that mitigate these vulnerabilities are not available.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata”]

Note: The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html[“http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html”]

CPENameOperatorVersion
ioseq15.2S
ioseq15.3T
ioseq15.2M
ioseq15.0EX
ioseq15.2GC
ioseq15.1SY
ioseq15.3S
ioseq15.3M
ioseq15.2SC
ioseq15.2JAZ
Rows per page:
1-10 of 981

Related

nessus 4
prion 2
cve 2
cloudfoundry 1
securityvulns 1
ics 1
nessus
nessus
Cisco IOS XE Software Multiple IPv6 Metadata Flow Vulnerabilities (cisco-sa-20140924-metadata)
2014-10-02 00:00:00
Cisco IOS Software Multiple IPv6 Metadata Flow Vulnerabilities (cisco-sa-20140924-metadata)
2014-10-02 00:00:00
Rockwell Automation Stratix Multiple Vulnerabilities in Cisco IOS Software Metadata (CVE-2014-3356)
2023-11-15 00:00:00
prion
prion
Code injection
2014-09-25 10:55:00
Design/Logic Flaw
2014-09-25 10:55:00
cve
cve
CVE-2014-3356
2014-09-25 10:55:00
CVE-2014-3355
2014-09-25 10:55:00
cloudfoundry
cloudfoundry
CVE-2014-3566 SSLV3 POODLE | Cloud Foundry
2014-10-16 00:00:00
securityvulns
securityvulns
Cisco IOS multiple security vulnerabilities
2014-09-29 00:00:00
ics
ics
Rockwell Automation Stratix 5900
2017-05-10 12:00:00

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.012 Low

EPSS

Percentile

84.9%

JSON
Related for CISCO-SA-20140924-METADATA
nessus4prion2cve2cloudfoundry1securityvulns1ics1