Vulnerability Description
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xe | - |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3403Vendor Advisory
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3403Vendor Advisory
FAQ
What is CVE-2014-3403?
CVE-2014-3403 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22...
How severe is CVE-2014-3403?
CVE-2014-3403 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3403?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe.