Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 10/10/2014 Updated: 10/10/2014

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote malicious users to spoof devices via crafted messages, aka Bug ID CSCuq22647.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ios xe -

A vulnerability in certificate validation for Autonomic Networking Infrastructure (ANI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to masquerade as another device The vulnerability is due to incomplete certificate validation An attacker could exploit this vulnerability by sending crafted messages to the ANI device ...

CWE-310 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3403 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20141010-CVE-2014-3403

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-3403

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect