CVE-2014-3358 : Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.

Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload) via malformed mDNS packets, aka Bug ID CSCuj58950.

Published 2014-09-25 10:55:09

Updated 2025-04-12 10:46:41

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2014-3358

Cisco » IOS » Version: 15.0
cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.1
cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.2
cpe:2.3:o:cisco:ios:15.2:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4
cpe:2.3:o:cisco:ios:15.4:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.5.0e
cpe:2.3:o:cisco:ios_xe:3.5.0e:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.5.1e
cpe:2.3:o:cisco:ios_xe:3.5.1e:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.3.0se
cpe:2.3:o:cisco:ios_xe:3.3.0se:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.3.1se
cpe:2.3:o:cisco:ios_xe:3.3.1se:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.3(.0)xo
cpe:2.3:o:cisco:ios_xe:3.3\(.0\)xo:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.11.0s
cpe:2.3:o:cisco:ios_xe:3.11.0s:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-3358

EPSS FAQ

0.90%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 74 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-3358

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2014-3358

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-3358

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns/cvrf/cisco-sa-20140924-mdns_cvrf.xml

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/96183

Cisco IOS mDNS denial of service CVE-2014-3358 Vulnerability Report
http://www.securitytracker.com/id/1030898

Cisco IOS mDNS Bugs Let Remote Users Deny Service - SecurityTracker

CVEs referencing this url
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns

Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/70139

Cisco IOS and IOS XE Software Multicast DNS Gateway Memory Leak Denial of Service Vulnerability

Jump to

Vulnerability Details : CVE-2014-3358

Products affected by CVE-2014-3358

Exploit prediction scoring system (EPSS) score for CVE-2014-3358

CVSS scores for CVE-2014-3358

CWE ids for CVE-2014-3358

References for CVE-2014-3358