CVE-2014-3357 : Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO

Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866.

Published 2014-09-25 10:55:09

Updated 2025-04-12 10:46:41

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2014-3357

Cisco » IOS » Version: 15.0
cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.1
cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.2
cpe:2.3:o:cisco:ios:15.2:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4
cpe:2.3:o:cisco:ios:15.4:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.5.0e
cpe:2.3:o:cisco:ios_xe:3.5.0e:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.5.1e
cpe:2.3:o:cisco:ios_xe:3.5.1e:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.3.0se
cpe:2.3:o:cisco:ios_xe:3.3.0se:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.3.1se
cpe:2.3:o:cisco:ios_xe:3.3.1se:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.3(.0)xo
cpe:2.3:o:cisco:ios_xe:3.3\(.0\)xo:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.11.0s
cpe:2.3:o:cisco:ios_xe:3.11.0s:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-3357

EPSS FAQ

0.90%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 74 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-3357

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2014-3357

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-3357

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns/cvrf/cisco-sa-20140924-mdns_cvrf.xml

CVEs referencing this url
http://www.securitytracker.com/id/1030898

Cisco IOS mDNS Bugs Let Remote Users Deny Service - SecurityTracker

CVEs referencing this url
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns

Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/70132

Cisco IOS and IOS XE Software CVE-2014-3357 Multicast DNS Gateway Denial of Service Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/96182

Cisco IOS mDNS denial of service CVE-2014-3357 Vulnerability Report

Jump to

Vulnerability Details : CVE-2014-3357

Products affected by CVE-2014-3357

Exploit prediction scoring system (EPSS) score for CVE-2014-3357

CVSS scores for CVE-2014-3357

CWE ids for CVE-2014-3357

References for CVE-2014-3357