CVE-2014-3276

Published: May 26, 2014Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.

Affected (3)

Products: Cisco: Identity Services Engine Software

1 product

Identity Services Engine Software

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cisco Identity Services Engine Software	Up to 1.2
Cisco Identity Services Engine Software	Version 1.0
Cisco Identity Services Engine Software	Version 1.1

Related CWEs

References (6)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=34329

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1030274

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=34329

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1030274

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.