Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Intrusion Prevention System MainApp Denial of Service Vulnerability

Cisco-SA-20141008-CVE-2014-3402 · Medium · Published · Updated

A vulnerability in the web framework of Cisco Intrusion Prevention System (IPS) Software could allow an authenticated, remote attacker to cause MainApp to hang intermittently because the authentication manager process creates a denial of service (DoS) condition. The vulnerability is due to improper handling of user tokens. An attacker could exploit this vulnerability by sending a crafted connection request to the Cisco IPS management interface. Cisco has confirmed the vulnerability in a security notice and released software updates. To exploit this vulnerability, an attacker must have authenticated access to the targeted system. This access requirement may reduce the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to allow only privileged users to access administration or management systems.

Administrators are advised to monitor affected systems.

CVEsCVE-2014-3402
Cisco Bug IDsCSCuq39550
CVSS ScoreBase 4.0
Base 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P/E:F/RL:OF/RC:C
Product Names From Source
Cisco Intrusion Prevention System (IPS), Intrusion Prevention System (IPS)

Related Products

Product CVE Evidence
Intrusion Prevention System (IPS) CVE-2014-3402 Cisco OpenVuln
Cisco Intrusion Prevention System (IPS) CVE-2014-3402 Cisco OpenVuln