CVE-2014-3276

Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.

Published: May 26, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3276
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
cisco / identity_services_engine_software	1.1	1.1.x
cisco / identity_services_engine_software	1.0	1.0.x
cisco / identity_services_engine_software	-	1.2.x

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276
http://tools.cisco.com/security/center/viewAlert.x?alertId=34329
http://www.securitytracker.com/id/1030274

Vulnerability Database

289,784

CVE-2014-3276