CVE-2014-3378
Description
A malformed TACACS+ packet can cause the tacacsd process to reload on Cisco IOS XR 5.1 and earlier, leading to denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A malformed TACACS+ packet can cause the tacacsd process to reload on Cisco IOS XR 5.1 and earlier, leading to denial of service.
Vulnerability
The tacacsd process in Cisco IOS XR versions 5.1 and earlier is vulnerable to a denial of service (DoS) condition when it receives a malformed TACACS+ packet. The vulnerability is identified by Cisco Bug ID CSCum00468 [1]. No special configuration is required for the code path to be reachable; the process listens for TACACS+ traffic by default.
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted TACACS+ packet to an affected device. No authentication or prior access is needed. The attacker only needs network connectivity to the target device's TACACS+ port (typically TCP 49). Upon receipt of the malformed packet, the tacacsd process reloads immediately.
Impact
Successful exploitation causes the tacacsd process to reload, resulting in a denial of service for TACACS+ authentication services. This can prevent legitimate users from authenticating via TACACS+ until the process restarts. The device itself does not reload, but the authentication service is temporarily unavailable.
Mitigation
Cisco has not released a software update for this vulnerability; the issue is addressed in later versions of Cisco IOS XR. Users should upgrade to a version beyond 5.1 [1]. No workarounds are available. The vulnerability is not listed in the Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
56cpe:2.3:o:cisco:ios_xr:2.0:*:*:*:*:*:*:*+ 55 more
- cpe:2.3:o:cisco:ios_xr:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.2.50:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.3.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.3.5:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.5:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.6:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.7:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.7.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.8.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.8.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.8.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.8.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.9.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.9.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:3.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:5.1.0:*:*:*:*:*:*:*
- (no CPE)range: <=5.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3378nvdVendor Advisory
- tools.cisco.com/security/center/viewAlert.xnvdVendor Advisory
- secunia.com/advisories/59632nvd
- secunia.com/advisories/59649nvd
- www.securityfocus.com/bid/69957nvd
- www.securitytracker.com/id/1030878nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/96067nvd
News mentions
0No linked articles in our index yet.