Improper input validation in Cisco Asr_1001

CVE-2014-3284

Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.006 (70.7th percentile) — read the EPSS interpretation.

Affected products

Cisco Asr_1001
Cisco Asr_1002
Cisco Asr_1002_fixed_router
Cisco Asr_1002-x
Cisco Asr_1004
Cisco Asr_1006
Cisco Asr_1013
Cisco Asr_1023_router
Cisco Ios_xe
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

1030283 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
67603 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
58405 (Permissions Required, x_refsource_SECUNIA, third-party-advisory)
20140523 Cisco IOS XE Software PPPoE Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)