CVE-2014-3402

medium Cisco
CVSS v3 Base Score
5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Score
0.5%
Exploitation probability in 30 days
Top 35% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P
Published: October 10, 2014 (4234 days ago)
Last Modified: May 6, 2026
Vendor: Cisco
Source: NVD

Description

The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens, which allows remote attackers to cause a denial of service (temporary MainApp hang) via a crafted connection request to the management interface, aka Bug ID CSCuq39550.

CWE

CWE-287

Affected Products

cisco intrusion prevention system

References

🔗 tools.cisco.com 🔗 tools.cisco.com 🔗 tools.cisco.com 🔗 tools.cisco.com