CVE-2014-3295

The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.

Published: Jun 14, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3295
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.8
AV:A/AC:L/Au:N/C:N/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
cisco / nx-os	6.1(3)	6.1(3).x
cisco / nx-os	5.1(6)	5.1(6).x
cisco / nx-os	5.2(1)	5.2(1).x
cisco / nx-os	5.1(4)	5.1(4).x
cisco / nx-os	4.1.(2)	4.1.(2).x
cisco / nx-os	5.1(5)	5.1(5).x
cisco / nx-os	6.0(3)	6.0(3).x
cisco / nx-os	4.2(8)	4.2(8).x
cisco / nx-os	6.0(2)	6.0(2).x
cisco / nx-os	4.2(3)	4.2(3).x
cisco / nx-os	4.1.(3)	4.1.(3).x
cisco / nx-os	5.1(3)	5.1(3).x
cisco / nx-os	6.1(4)	6.1(4).x
cisco / nx-os	5.2(3a)	5.2(3a).x
cisco / nx-os	5.2(7)	5.2(7).x
cisco / nx-os	5.2(9)	5.2(9).x
cisco / nx-os	5.0(5)	5.0(5).x
cisco / nx-os	4.2(4)	4.2(4).x
cisco / nx-os	5.2(4)	5.2(4).x
cisco / nx-os	6.1(4a)	6.1(4a).x
cisco / nx-os	4.2.(2a)	4.2.(2a).x
cisco / nx-os	4.1.(5)	4.1.(5).x
cisco / nx-os	5.0(2a)	5.0(2a).x
cisco / nx-os	5.0(3)	5.0(3).x
cisco / nx-os	5.1(1a)	5.1(1a).x
cisco / nx-os	4.1.(4)	4.1.(4).x
cisco / nx-os	6.2(2)	6.2(2).x
cisco / nx-os	6.0(1)	6.0(1).x
cisco / nx-os	6.0(4)	6.0(4).x
cisco / nx-os	-	6.2\(2a\).x
cisco / nx-os	6.1(1)	6.1(1).x
cisco / nx-os	6.1(2)	6.1(2).x
cisco / nx-os	4.2(6)	4.2(6).x
cisco / nx-os	5.2(5)	5.2(5).x

Vulnerability Database

289,599

CVE-2014-3295