Vulnerability Description
Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Identity Services Engine Software | <= 1.2 |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=34329Vendor Advisory
- http://www.securitytracker.com/id/1030274Third Party AdvisoryVDB Entry
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=34329Vendor Advisory
- http://www.securitytracker.com/id/1030274Third Party AdvisoryVDB Entry
FAQ
What is CVE-2014-3276?
CVE-2014-3276 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which all...
How severe is CVE-2014-3276?
CVE-2014-3276 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3276?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Identity Services Engine Software.