CVE-2014-3360

CVE Descriptions

Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCul46586.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	7.8		AV:N/AC:L/Au:N/C:N/I:N/A:C	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	1.21%	–	–
2022-03-27	–	–	1.21%	–	–
2022-04-03	–	–	1.21%	–	–
2022-05-08	–	–	1.21%	–	–
2022-08-28	–	–	1.21%	–	–
2023-02-26	–	–	1.21%	–	–
2023-03-12	–	–	–	1.16%	–
2024-02-11	–	–	–	1.16%	–
2024-03-17	–	–	–	1.16%	–
2024-06-02	–	–	–	1.16%	–
2024-06-02	–	–	–	1.16%	–
2024-12-15	–	–	–	1.16%	–
2024-12-22	–	–	–	1.22%	–
2025-03-16	–	–	–	1.22%	–
2025-01-19	–	–	–	1.22%	–
2025-03-18	–	–	–	–	1.49%
2025-03-30	–	–	–	–	1.91%
2025-03-30	–	–	–	–	1.91,%

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Date	Percentile
2022-02-06	41%
2022-03-27	42%
2022-04-03	64%
2022-05-08	65%
2022-08-28	66%
2023-02-26	67%
2023-03-12	83%
2024-02-11	84%
2024-03-17	85%
2024-06-02	85%
2024-06-02	85%
2024-12-15	86%
2024-12-22	85%
2025-03-16	86%
2025-01-19	85%
2025-03-18	8%
2025-03-30	82%
2025-03-30	82%

Products Mentioned

Configuraton 0

Cisco>>Ios >> Version 15.1

Cisco>>Ios >> Version 15.1 (Open CPE detail)

Cisco>>Ios >> Version 15.2

Cisco>>Ios >> Version 15.2 (Open CPE detail)

Cisco>>Ios >> Version 15.3

Cisco>>Ios >> Version 15.3 (Open CPE detail)

Cisco>>Ios >> Version 15.4

Cisco>>Ios >> Version 15.4 (Open CPE detail)

Cisco>>Ios_xe >> Version 3.1.0s

Cisco>>Ios_xe >> Version 3.1.0s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.1.1s

Cisco>>Ios_xe >> Version 3.1.1s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.1.2s

Cisco>>Ios_xe >> Version 3.1.2s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.1.3s

Cisco>>Ios_xe >> Version 3.1.3s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.1.4s

Cisco>>Ios_xe >> Version 3.1.4s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.2.0s

Cisco>>Ios_xe >> Version 3.2.0s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.2.1s

Cisco>>Ios_xe >> Version 3.2.1s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.2.2s

Cisco>>Ios_xe >> Version 3.2.2s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.3.0s

Cisco>>Ios_xe >> Version 3.3.0s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.3.1s

Cisco>>Ios_xe >> Version 3.3.1s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.3.2s

Cisco>>Ios_xe >> Version 3.3.2s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.3.3s

Cisco>>Ios_xe >> Version 3.3.3s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.4.0s

Cisco>>Ios_xe >> Version 3.4.0s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.4.1s

Cisco>>Ios_xe >> Version 3.4.1s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.4.2s

Cisco>>Ios_xe >> Version 3.4.2s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.4.3s

Cisco>>Ios_xe >> Version 3.4.3s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.4.4s

Cisco>>Ios_xe >> Version 3.4.4s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.4.5s

Cisco>>Ios_xe >> Version 3.4.5s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.5.0s

Cisco>>Ios_xe >> Version 3.5.0s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.5.1s

Cisco>>Ios_xe >> Version 3.5.1s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.5.2s

Cisco>>Ios_xe >> Version 3.5.2s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.6s\(.0\)

Cisco>>Ios_xe >> Version 3.6s\(.0\) (Open CPE detail)

Cisco>>Ios_xe >> Version 3.6s\(.1\)

Cisco>>Ios_xe >> Version 3.6s\(.1\) (Open CPE detail)

Cisco>>Ios_xe >> Version 3.6s\(.2\)

Cisco>>Ios_xe >> Version 3.6s\(.2\) (Open CPE detail)

Cisco>>Ios_xe >> Version 3.7\(0\)s

Cisco>>Ios_xe >> Version 3.7\(0\)s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.7\(1\)as

Cisco>>Ios_xe >> Version 3.7\(2\)s

Cisco>>Ios_xe >> Version 3.7\(3\)s

Cisco>>Ios_xe >> Version 3.7\(4\)s

Cisco>>Ios_xe >> Version 3.7\(5\)s

Cisco>>Ios_xe >> Version 3.8.0s

Cisco>>Ios_xe >> Version 3.8.0s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.8s\(.0\)

Cisco>>Ios_xe >> Version 3.8s\(.0\) (Open CPE detail)

Cisco>>Ios_xe >> Version 3.8s\(.1\)

Cisco>>Ios_xe >> Version 3.8s\(.1\) (Open CPE detail)

Cisco>>Ios_xe >> Version 3.8s\(.2\)

Cisco>>Ios_xe >> Version 3.8s\(.2\) (Open CPE detail)

Cisco>>Ios_xe >> Version 3.9s\(.0\)

Cisco>>Ios_xe >> Version 3.9s\(.1\)

Cisco>>Ios_xe >> Version 3.9s\(.2\)

Cisco>>Ios_xe >> Version 3.10

Cisco>>Ios_xe >> Version 3.10 (Open CPE detail)

Cisco>>Ios_xe >> Version 3.10.0s

Cisco>>Ios_xe >> Version 3.10.0s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.11.0s

Cisco>>Ios_xe >> Version 3.11.0s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.11.1s

Cisco>>Ios_xe >> Version 3.11.1s (Open CPE detail)

Cisco>>Ios_xe >> Version 3.11.2s

Cisco>>Ios_xe >> Version 3.11.2s (Open CPE detail)

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip/cvrf/cisco-sa-20140924-sip_cvrf.xml
Tags : x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/96174
Tags : vdb-entry, x_refsource_XF

http://www.securitytracker.com/id/1030897
Tags : vdb-entry, x_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip
Tags : vendor-advisory, x_refsource_CISCO

http://www.securityfocus.com/bid/70141
Tags : vdb-entry, x_refsource_BID

CVE-2014-3360 : Detail