Denial of Service Vulnerability in Cisco IOS XE on ASR1000 Devices
CVE-2014-3284

Currently unrated

Key Information:

Vendor: Cisco
Status: Ios Xe; Asr 1001; Asr 1002; Asr 1002-x
Vendor: CVE Published:; 25 May 2014

What is CVE-2014-3284?

On Cisco IOS XE devices, particularly within the ASR1000 series, a vulnerability exists that allows remote attackers to disrupt service by sending malformed PPPoE packets. This can result in device reloads, effectively taking the device offline and impacting network operations. Organizations using these devices with PPPoE termination enabled should assess their exposure to this risk and implement recommended mitigations to safeguard their systems.

References

http://www.securitytracker.com/id/1030283

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/67603

vdb-entryx_refsource_BID

http://secunia.com/advisories/58405

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2014
Vulnerability Reserved
May 7, 2014