CVE-2014-3403 : The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which a

The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647.

Published 2014-10-10 01:55:09

Updated 2014-10-10 17:55:47

Source Cisco Systems, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-3403

Probability of exploitation activity in the next 30 days: 0.14%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 48 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-3403

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2014-3403

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-3403

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3403

Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Validation Vulnerability
Vendor Advisory

Products affected by CVE-2014-3403

Cisco » Ios Xe » Version: N/A
cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-3403

Exploit prediction scoring system (EPSS) score for CVE-2014-3403

CVSS scores for CVE-2014-3403

CWE ids for CVE-2014-3403

References for CVE-2014-3403

Products affected by CVE-2014-3403