Vulnerability Description
The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens, which allows remote attackers to cause a denial of service (temporary MainApp hang) via a crafted connection request to the management interface, aka Bug ID CSCuq39550.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Intrusion Prevention System | <= 7.0\(8\)e4 |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3402Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36014Vendor Advisory
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3402Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36014Vendor Advisory
FAQ
What is CVE-2014-3402?
CVE-2014-3402 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens, ...
How severe is CVE-2014-3402?
CVE-2014-3402 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3402?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Intrusion Prevention System.