Vulnslist

find the latest Cisco vulnerabilities

Cisco IOS XR Software Information Disclosure Vulnerability

Cisco-SA-20140915-CVE-2014-3342 · Medium · Published · Updated

A vulnerability in the command-line interface (CLI) of Cisco IOS XR Software could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to insufficient data protection of sensitive information. An attacker could exploit this vulnerability by issuing specific system commands on the affected device. Cisco has confirmed the vulnerability in a security notice and released software updates. To exploit this vulnerability, an attacker must authenticate to a targeted device. This access requirement may reduce the likelihood of a successful exploit.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to allow only privileged users to access administration or management systems.

Administrators are advised to monitor affected systems.

CVEsCVE-2014-3342
Cisco Bug IDsCSCuq42336, CSCuq45383, CSCuq76853, CSCuq76873
CVSS ScoreBase 4.9
Base 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco Carrier Routing System (CRS), Cisco ASR 9000 Series Aggregation Services Routers

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2014-3342 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2014-3342 Cisco OpenVuln
Cisco IOS Software CVE-2014-3342 Cisco OpenVuln
Cisco Carrier Routing System CVE-2014-3342 Cisco OpenVuln
Cisco ASR 900 Series Aggregation Services Routers CVE-2014-3342 Cisco OpenVuln
Cisco IOS XR Software CVE-2014-3342 Cisco OpenVuln
Cisco IOS CVE-2014-3342 Cisco OpenVuln
Cisco Carrier Routing System (CRS) CVE-2014-3342 Cisco OpenVuln
Cisco ASR 9000 Series Aggregation Services Routers CVE-2014-3342 Cisco OpenVuln