Vulnerability Details : CVE-2014-3331
The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a crafted TCP packet, aka Bug ID CSCuo21914.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2014-3331
- cpe:2.3:a:cisco:asr_5000_series_software:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asr_5000_series_software:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asr_5000_series_software:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asr_5000_series_software:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asr_5000_series_software:17.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asr_5000_series_software:16.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asr_5000_series_software:16.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asr_5000_series_software:16.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asr_5000_series_software:12.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asr_5000_series_software:12.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3331
2.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3331
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2014-3331
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3331
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95357
Cisco Packet Data Network Gateway TCP packets denial of service CVE-2014-3331 Vulnerability Report
-
http://www.securityfocus.com/bid/69281
Cisco ASR 5000 Series Software CVE-2014-3331 Denial of Service Vulnerability
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3331
Cisco Packet Data Network Gateway Denial of Service VulnerabilityVendor Advisory
-
http://secunia.com/advisories/60706
Sign in
-
http://www.securitytracker.com/id/1030747
Cisco ASR Router Packet Data Network Gateway Session Manager Lets Remote Users Deny Service - SecurityTracker
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=35346
Cisco Packet Data Network Gateway Denial of Service VulnerabilityVendor Advisory
Jump to