CVE-2014-3295
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
14/06/2014
Last modified:
12/04/2025
Description
The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.
Impact
Base Score 2.0
4.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* | 6.2\(2a\) (including) | |
| cpe:2.3:o:cisco:nx-os:4.1.\(2\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:4.1.\(3\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:4.1.\(4\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:4.1.\(5\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:4.2\(3\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:4.2\(4\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:4.2\(6\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:4.2\(8\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:4.2.\(2a\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:5.0\(2a\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:5.0\(3\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:5.0\(5\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:5.1\(1a\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:5.1\(3\):*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/59158
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3295
- http://tools.cisco.com/security/center/viewAlert.x?alertId=34585
- http://www.securityfocus.com/bid/67983
- http://www.securitytracker.com/id/1030409
- http://secunia.com/advisories/59158
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3295
- http://tools.cisco.com/security/center/viewAlert.x?alertId=34585
- http://www.securityfocus.com/bid/67983
- http://www.securitytracker.com/id/1030409