VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 25, 2014· Updated May 6, 2026

CVE-2014-3299

CVE-2014-3299

Description

Cisco IOS denial of service via malformed IPsec packets allows remote authenticated users to cause device reload.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco IOS denial of service via malformed IPsec packets allows remote authenticated users to cause device reload.

Vulnerability

Cisco IOS software contains a vulnerability in IPsec packet processing that can be triggered by malformed IPsec packets. Remote authenticated users can send specially crafted IPsec packets to cause a device reload. Affected versions include various Cisco IOS releases; the specific bug ID is CSCui79745. [2]

Exploitation

An attacker must have valid authentication credentials to the Cisco device and the ability to send IPsec packets. The attacker sends malformed IPsec packets to the device, which triggers a flaw in packet handling, leading to a denial of service condition.

Impact

Successful exploitation results in a denial of service (DoS) by causing the device to reload, disrupting network services. The impact is limited to availability; no data confidentiality or integrity compromise is indicated.

Mitigation

Cisco has released a security notice for this vulnerability. Users should upgrade to a fixed version of Cisco IOS as recommended by Cisco. Workarounds may include restricting IPsec access to trusted users. [2]

References
  1. Security Advisories

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.