Denial of Service Vulnerability in Cisco Intrusion Prevention System and Intrusion Detection System
CVE-2014-3402

Currently unrated

Key Information:

Vendor: Cisco
Status: Intrusion Prevention System
Vendor: CVE Published:; 10 October 2014

Summary

The web framework in Cisco's Intrusion Prevention System and Intrusion Detection System has a flaw in how it manages user tokens within the authentication-manager process. This vulnerability can be exploited by remote attackers through specially crafted connection requests directed at the management interface, potentially causing the MainApp to hang temporarily. This security flaw highlights the importance of ensuring proper management and validation of user tokens to prevent service disruptions.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Oct 10, 2014
Vulnerability Reserved
May 7, 2014