CVE-2014-3387
high
CVSS v3
—
CVSS v2
7.8
VIR risk
7.8
Description
The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.3) allows remote attackers to cause a denial of service (device reload) via crafted SunRPC packets, aka Bug ID CSCun11074.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cisco | asa | 7.2.5 | |
| cisco | asa | 7.2.5.10 | |
| cisco | asa | 8.2.5 | |
| cisco | asa | 8.2.5.13 | |
| cisco | asa | 8.2.5.22 | |
| cisco | asa | 8.2.5.26 | |
| cisco | asa | 8.2.5.33 | |
| cisco | asa | 8.2.5.41 | |
| cisco | asa | 8.2.5.46 | |
| cisco | asa | 8.2.5.48 | |
| cisco | asa | 8.2.5.49 | |
| cisco | asa | 8.3 | |
| cisco | asa | 8.3.2.25 | |
| cisco | asa | 8.4 | |
| cisco | asa | 8.4.1 | |
| cisco | asa | 8.4.2 | |
| cisco | asa | 8.4.3 | |
| cisco | asa | 8.4.4 | |
| cisco | asa | 8.4.5 | |
| cisco | asa | 8.4.6 | |
| cisco | asa | 8.4.7 | |
| cisco | asa | 8.5 | |
| cisco | asa | 8.5.1.6 | |
| cisco | asa | 8.6 | |
| cisco | asa | 8.7 | |
| cisco | asa | 9.0 | |
| cisco | asa | 9.1 | |
References
CWEs
CWE-399
Verify integrity in audit chain (admin only). AS-IS.