Vulnerabilities > CVE-2014-3276 - Resource Management Errors vulnerability in Cisco Identity Services Engine Software

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

cisco

CWE-399

NVD

Published: 2014-05-26

Updated: 2016-09-07

Summary

Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Identity Services Engine Software 1.0 Cisco Identity Services Engine Software 1.1 Cisco Identity Services Engine Software - Cisco Identity Services Engine Software 1.0.4.573 Cisco Identity Services Engine Software 1.0_Base Cisco Identity Services Engine Software 1.0_Mr_Base Cisco Identity Services Engine Software 1.1\(4.1\) Cisco Identity Services Engine Software 1.1.1 Cisco Identity Services Engine Software 1.1.2 Cisco Identity Services Engine Software 1.1.3 Cisco Identity Services Engine Software 1.1.4 Cisco Identity Services Engine Software 1.1_Base Cisco Identity Services Engine Software 1.2	42

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References