CVE-2014-3405 : Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks

Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL advertisements on an ANI interface, aka Bug ID CSCuq22673.

Published 2014-10-10 01:55:09

Updated 2025-04-12 10:46:41

Source Cisco Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2014-3405

Cisco » Ios Xe » Version: N/A
cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-3405

EPSS FAQ

0.20%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 39 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-3405

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.8	MEDIUM	AV:A/AC:L/Au:N/C:N/I:P/A:P	6.5	4.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

References for CVE-2014-3405

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3405

Cisco IOS XE Software Autonomic Networking Infrastructure Routing Protocol for Low-Power and Lossy Networks Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2014-3405

Products affected by CVE-2014-3405

Exploit prediction scoring system (EPSS) score for CVE-2014-3405

CVSS scores for CVE-2014-3405

References for CVE-2014-3405