Vulnerability Description
Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 15.1\(4\)m2 |
| Cisco | 1801 Integrated Service Router | - |
| Cisco | 1802 Integrated Service Router | - |
| Cisco | 1803 Integrated Service Router | - |
| Cisco | 1811 Integrated Service Router | - |
| Cisco | 1812 Integrated Service Router | - |
| Cisco | 1841 Integrated Service Router | - |
| Cisco | 1861 Integrated Service Router | - |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3347Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=35453Vendor Advisory
- http://www.securityfocus.com/bid/69439
- http://www.securitytracker.com/id/1030772
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95558
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3347Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=35453Vendor Advisory
- http://www.securityfocus.com/bid/69439
- http://www.securitytracker.com/id/1030772
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95558
FAQ
What is CVE-2014-3347?
CVE-2014-3347 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN pho...
How severe is CVE-2014-3347?
CVE-2014-3347 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3347?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco 1801 Integrated Service Router, Cisco 1802 Integrated Service Router, Cisco 1803 Integrated Service Router, Cisco 1811 Integrated Service Router.