CVE-2014-3276

medium

Description

Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.

References

http://www.securitytracker.com/id/1030274

http://tools.cisco.com/security/center/viewAlert.x?alertId=34329

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276

Details

Source: Mitre, NVD

Published: 2014-05-26

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00439