cvelistv5 - cve-2014-3384

CVE-2014-3384 (GCVE-0-2014-3384)

Vulnerability from cvelistv5

Published

2014-10-10 10:00

Modified

2024-08-06 10:43

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

fkie_cve-2014-3384

Vulnerability from fkie_nvd

Published

2014-10-10 10:55

Modified

2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	asa	8.4
cisco	asa	8.4.1
cisco	asa	8.4.2
cisco	asa	8.4.3
cisco	asa	8.4.4
cisco	asa	8.6
cisco	asa	8.6.1
cisco	asa	9.0
cisco	asa	9.1
cisco	asa	9.1.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:asa:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "44402EC4-8170-4CEA-9AC1-1F4C8B0D411D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa:8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "42D7DD30-2639-4F42-BD15-AB2A3A03E0B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa:8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9D20B32-C543-424D-8276-ED0DE1DC55AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa:8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A9CD2B-BD9B-4728-9CD4-7CB5A082BA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa:8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E98B331A-368F-4F68-81FA-BDE0260FEE9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51525D78-0238-4379-A577-EAB6D278F0BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa:8.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F759EAB4-B5CB-4BBE-83CB-DF31FD6CAA46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD97CD57-66F4-4A92-8897-A96D9E93116A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "790D2962-AE6A-4001-9793-A9B1C8916D3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa:9.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECE5855-A333-4B76-981B-82C378EF8B1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n IKEv2 en Cisco ASA Software 8.4 anterior a 8.4(7.15), 8.6 anterior a 8.6(1.14), 9.0 anterior a 9.0(4.8), y 9.1 anterior a 9.1(5.1) permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio de dispositivo) a trav\u00e9s de un paquete manipulado que se env\u00eda durante la creaci\u00f3n de t\u00faneles, tambi\u00e9n conocido como Bug ID CSCum96401."
    }
  ],
  "id": "CVE-2014-3384",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-10T10:55:06.243",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCum96401. Cisco ASA is a set of firewall equipment of Cisco (Cisco). The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability is caused by the program's improper handling of IKEv2 packets. The following versions are affected: Cisco ASA Software 8.4 prior to 8.4(7.15), 8.6 prior to 8.6(1.14), 9.0 prior to 9.0(4.8), 9.1 prior to 9.1(5.1)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1003",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asa",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "asa",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.4.2"
      },
      {
        "model": "asa",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.6"
      },
      {
        "model": "asa",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.4.3"
      },
      {
        "model": "asa",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "asa",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.4.4"
      },
      {
        "model": "asa",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.1.5"
      },
      {
        "model": "asa",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.4.1"
      },
      {
        "model": "asa",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.6.1"
      },
      {
        "model": "asa",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "9.1(5.1)"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.4(7.15)"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "9.0(4.8)"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "(asa)"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.6(1.14)"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.6"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3384"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:adaptive_security_appliance",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:cisco:adaptive_security_appliance_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004658"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "70294"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-3384",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-3384",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-71324",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-3384",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-3384",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201410-207",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-71324",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3384"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401. \nAn attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. \nThis issue is tracked by Cisco Bug ID CSCum96401. Cisco ASA is a set of firewall equipment of Cisco (Cisco). The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability is caused by the program\u0027s improper handling of IKEv2 packets. The following versions are affected: Cisco ASA Software 8.4 prior to 8.4(7.15), 8.6 prior to 8.6(1.14), 9.0 prior to 9.0(4.8), 9.1 prior to 9.1(5.1)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3384"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004658"
      },
      {
        "db": "BID",
        "id": "70294"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71324"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3384",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004658",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-207",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "70294",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-71324",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71324"
      },
      {
        "db": "BID",
        "id": "70294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3384"
      }
    ]
  },
  "id": "VAR-201410-1003",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71324"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:38:55.446000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20141008-asa",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
      },
      {
        "title": "4718/0",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=4718\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S827"
      },
      {
        "title": "4718/1",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=4718\u0026signatureSubId=1\u0026softwareVersion=6.0\u0026releaseVersion=S827"
      },
      {
        "title": "4718/2",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=4718\u0026signatureSubId=2\u0026softwareVersion=6.0\u0026releaseVersion=S827"
      },
      {
        "title": "35907",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35907"
      },
      {
        "title": "cisco-sa-20141008-asa",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/JP/112/1126/1126286_cisco-sa-20141008-asa-j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004658"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004658"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3384"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141008-asa"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3384"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3384"
      },
      {
        "trust": 0.3,
        "url": "www.cisco.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71324"
      },
      {
        "db": "BID",
        "id": "70294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3384"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-71324"
      },
      {
        "db": "BID",
        "id": "70294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3384"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71324"
      },
      {
        "date": "2014-10-08T00:00:00",
        "db": "BID",
        "id": "70294"
      },
      {
        "date": "2014-10-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004658"
      },
      {
        "date": "2014-10-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-207"
      },
      {
        "date": "2014-10-10T10:55:06.243000",
        "db": "NVD",
        "id": "CVE-2014-3384"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71324"
      },
      {
        "date": "2014-10-08T00:00:00",
        "db": "BID",
        "id": "70294"
      },
      {
        "date": "2014-10-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004658"
      },
      {
        "date": "2014-10-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-207"
      },
      {
        "date": "2024-11-21T02:07:59.123000",
        "db": "NVD",
        "id": "CVE-2014-3384"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-207"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASA Software  IKEv2 Service disruption in implementations  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004658"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-207"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2014-AVI-410

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Cisco ASA. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco ASA version 7.2 à 9.3

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

ghsa-4vqj-9m7j-xf46

Vulnerability from github

Published

2022-05-17 04:31

Modified

2022-05-17 04:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3384"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-10-10T10:55:00Z",
    "severity": "HIGH"
  },
  "details": "The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401.",
  "id": "GHSA-4vqj-9m7j-xf46",
  "modified": "2022-05-17T04:31:11Z",
  "published": "2022-05-17T04:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3384"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2014-3384

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-3384

Aliases

CVE-2014-3384

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3384",
    "description": "The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401.",
    "id": "GSD-2014-3384"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3384"
      ],
      "details": "The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401.",
      "id": "GSD-2014-3384",
      "modified": "2023-12-13T01:22:53.495740Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-3384",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20141008 Multiple Vulnerabilities in Cisco ASA Software",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa:8.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa:8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa:8.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa:8.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa:9.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa:8.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa:8.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3384"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141008 Multiple Vulnerabilities in Cisco ASA Software",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-10-13T00:27Z",
      "publishedDate": "2014-10-10T10:55Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-3384 (GCVE-0-2014-3384)

Vulnerability from cvelistv5

fkie_cve-2014-3384

Vulnerability from fkie_nvd

var-201410-1003

Vulnerability from variot

CERTFR-2014-AVI-410

Vulnerability from certfr_avis

Solution

ghsa-4vqj-9m7j-xf46

Vulnerability from github

gsd-2014-3384

Vulnerability from gsd

Tags

Sightings

Nomenclature