Strix
26.1K

CVE-2014-3321

UnknownEPSS 0.65%

Last modified

CVE-2014-3321 is a vulnerability of currently unknown severity. Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149.. EPSS estimates a 0.65% chance of exploitation in the next 30 days.

Description

Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149.

Metrics

EPSS Probability
0.65%

46.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoIos Xr<= 4.3.4
CiscoIos Xr4.3.0
CiscoIos Xr4.3.1
CiscoIos Xr4.3.2
CiscoAsr 9000 Rsp440 RouterAll versions
CiscoAsr 9001All versions
CiscoAsr 9006All versions
CiscoAsr 9010All versions
CiscoAsr 9904All versions
CiscoAsr 9912All versions
CiscoAsr 9922All versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2014-3321?
Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149.
How severe is CVE-2014-3321?
Severity scoring for CVE-2014-3321 is pending analysis. The EPSS model estimates a 0.65% probability of exploitation in the next 30 days.
How do I fix CVE-2014-3321?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-3321?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST