CVE-2014-3321 : Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual in

Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149.

Published 2014-07-18 00:55:05

Updated 2025-04-12 10:46:41

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2014-3321

Cisco » Ios Xr
Versions up to, including, (<=) 4.3.4
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xr » Version: 4.3.1
cpe:2.3:o:cisco:ios_xr:4.3.1:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xr » Version: 4.3.0
cpe:2.3:o:cisco:ios_xr:4.3.0:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xr » Version: 4.3.2
cpe:2.3:o:cisco:ios_xr:4.3.2:*:*:*:*:*:*:*
Matching versions
Cisco » Asr 9000 Rsp440 Router » Version: N/A
cpe:2.3:h:cisco:asr_9000_rsp440_router:-:*:*:*:*:*:*:*
Matching versions
Cisco » Asr 9001 » Version: N/A
cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*
Matching versions
Cisco » Asr 9904 » Version: N/A
cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*
Matching versions
Cisco » Asr 9006 » Version: N/A
cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*
Matching versions
Cisco » Asr 9010 » Version: N/A
cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*
Matching versions
Cisco » Asr 9912 » Version: N/A
cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*
Matching versions
Cisco » Asr 9922 » Version: N/A
cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-3321

EPSS FAQ

0.33%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 53 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-3321

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.7	MEDIUM	AV:A/AC:M/Au:N/C:N/I:N/A:C	5.5	6.9	NIST
Access Vector: Adjacent Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2014-3321

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-3321

http://tools.cisco.com/security/center/viewAlert.x?alertId=34936

Cisco IOS XR Software MPLS Packet Denial of Service Vulnerability
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321

Cisco IOS XR Software MPLS Packet Denial of Service Vulnerability
Vendor Advisory
http://www.securitytracker.com/id/1030597

Cisco ASR 9000 Series IOS XR Router MPLS Processing Flaw Lets Remote Users Deny Service - SecurityTracker
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2014-3321

Products affected by CVE-2014-3321

Exploit prediction scoring system (EPSS) score for CVE-2014-3321

CVSS scores for CVE-2014-3321

CWE ids for CVE-2014-3321

References for CVE-2014-3321