CVE-2014-3276

Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
ciscoidentity_services_engine_software
𝑥
≤ 1.2
ciscoidentity_services_engine_software
1.0
ciscoidentity_services_engine_software
1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276
http://tools.cisco.com/security/center/viewAlert.x?alertId=34329
http://www.securitytracker.com/id/1030274
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276
http://tools.cisco.com/security/center/viewAlert.x?alertId=34329
http://www.securitytracker.com/id/1030274