CVE-2014-3355

The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCug75942.

Published: Sep 25, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3355
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
cisco / ios_xe	3.6.2s	3.6.2s.x
cisco / ios_xe	3.9(2)s	3.9(2)s.x
cisco / ios_xe	3.7(0)s	3.7(0)s.x
cisco / ios_xe	3.7(2)s	3.7(2)s.x
cisco / ios_xe	3.9(0)s	3.9(0)s.x
cisco / ios_xe	3.6.1s	3.6.1s.x
cisco / ios_xe	3.6.0s	3.6.0s.x
cisco / ios_xe	3.7(4)s	3.7(4)s.x
cisco / ios_xe	3.7(5)s	3.7(5)s.x
cisco / ios_xe	3.8(1)s	3.8(1)s.x
cisco / ios_xe	3.8(2)s	3.8(2)s.x
cisco / ios_xe	3.7(1)as	3.7(1)as.x
cisco / ios_xe	3.7(3)s	3.7(3)s.x
cisco / ios_xe	3.10s	3.10s.x
cisco / ios_xe	3.8(0)s	3.8(0)s.x
cisco / ios_xe	3.9(1a)s	3.9(1a)s.x
cisco / ios_xe	3.3(.0)xo	3.3(.0)xo.x

Vulnerability Database

289,697

CVE-2014-3355