CVE-2014-3308
Description
Cisco IOS XR on ASR 9000 Trident line cards lacks a static punt policer, enabling remote DoS via crafted packets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco IOS XR on ASR 9000 Trident line cards lacks a static punt policer, enabling remote DoS via crafted packets.
Vulnerability
Cisco IOS XR Software on Trident line cards in ASR 9000 Series Aggregation Services Routers lacks a static punt policer. This vulnerability, identified by Cisco bug ID CSCun83985, allows an unauthenticated attacker to cause excessive CPU consumption by sending a high volume of crafted packets to the affected device. Affected versions include Cisco IOS XR releases running on Trident line cards.
Exploitation
An attacker can exploit this vulnerability from a remote network without authentication by sending a large number of crafted packets to the device. No special privileges or user interaction is required. The attack targets the punt path, where excessive traffic overwhelms the CPU due to the missing static policer.
Impact
Successful exploitation leads to CPU exhaustion on the affected line card, resulting in a denial of service (DoS) condition. The device may become unresponsive or drop valid traffic. The impact is limited to CPU consumption; no data disclosure or privilege escalation is reported.
Mitigation
Cisco has not released a software update for this vulnerability at the time of disclosure. Mitigations include implementing access control lists (ACLs) to limit traffic to the punt path or deploying rate limiters. Users should monitor Cisco Security Advisories for future patches. [1]
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
9- cpe:2.3:h:cisco:asr_9000_rsp440_router:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
- (no CPE)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3308nvdVendor Advisory
- tools.cisco.com/security/center/viewAlert.xnvdVendor Advisory
- www.securityfocus.com/bid/68351nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1030525nvdThird Party AdvisoryVDB Entry
- secunia.com/advisories/58869nvd
News mentions
0No linked articles in our index yet.