CVE-2014-3386
Description
Crafted GTP packets can cause a denial of service (device reload) on Cisco ASA with GTP inspection enabled, affecting multiple software versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the GPRS Tunneling Protocol (GTP) inspection engine of Cisco ASA Software. Affected versions include 8.2 before 8.2(5.51), 8.4 before 8.4(7.15), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1). The engine fails to properly handle a crafted series of GTP packets, leading to a device reload. GTP inspection must be enabled for the code path to be reachable. [1]
Exploitation
A remote attacker can send a specially crafted sequence of GTP packets to an affected Cisco ASA device that has GTP inspection enabled. No authentication is required, and the attacker only needs network access to send packets to the device. [1]
Impact
Successful exploitation causes the device to reload, resulting in a denial of service (DoS). The attack does not allow code execution or data leakage; the primary impact is loss of availability. [1]
Mitigation
Cisco has released fixed software versions: 8.2(5.51), 8.4(7.15), 8.7(1.13), 9.0(4.8), and 9.1(5.1). Administrators should upgrade to these or later versions. As a workaround, if GTP inspection is not required, it can be disabled using the no inspect gtp command in the global service policy. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities catalog (KEV) as of the publication date. [1]
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:cisco:asa:8.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.2.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.2.5.22:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.2.5.26:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.2.5.33:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.2.5.41:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.2.5.46:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.2.5.48:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.2.5.49:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:8.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:9.1:*:*:*:*:*:*:*
- Range: 8.2 before 8.2(5.51), 8.4 before 8.4(7.15), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), 9.1 before 9.1(5.1)
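Added example (not Cisco's code and not part of the original record): a triage helper that applies the fixed releases and the GTP-inspection precondition stated above to a device's version string and running configuration. The function names and the sample configuration are constructed for illustration, and the device-style spelling 8.4(7)15 is assumed to be equivalent to the advisory-style 8.4(7.15).

```python
import re

# Fixed releases per train, exactly as listed on this page: (major, minor) -> (maintenance, interim)
FIXED = {(8, 2): (5, 51), (8, 4): (7, 15), (8, 7): (1, 13), (9, 0): (4, 8), (9, 1): (5, 1)}

# Accepts advisory style 8.4(7.15), device style 8.4(7)15 (assumed) and CPE style 8.4.7.15
_VERSION = re.compile(r"\d+\.\d+(?:\(\d+\)\d*|\(\d+\.\d+\)|(?:\.\d+){0,2})")


def parse_version(text):
    """Return (major, minor, maintenance, interim); missing parts count as 0."""
    text = text.strip()
    if not _VERSION.fullmatch(text):
        raise ValueError(f"unrecognised ASA version string: {text!r}")
    parts = [int(n) for n in re.findall(r"\d+", text)]
    return tuple(parts + [0] * (4 - len(parts)))


def gtp_inspection_enabled(running_config):
    """True if any configuration line is 'inspect gtp' (optionally followed by a map name)."""
    return any(line.split()[:2] == ["inspect", "gtp"] for line in running_config.splitlines())


def assess(version, running_config):
    """Classify one device against the ranges and precondition stated on this page."""
    major, minor, maint, interim = parse_version(version)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "train-not-listed"      # the page makes no statement about this train
    if (maint, interim) >= fixed:
        return "fixed"
    if gtp_inspection_enabled(running_config):
        return "exposed"               # affected release and reachable code path
    return "affected-gtp-off"          # affected release, GTP inspection not configured


# Constructed sample configuration fragment (not taken from a real device)
SAMPLE_CONFIG = """\
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect gtp
service-policy global_policy global
"""

if __name__ == "__main__":
    for v in ["8.4(7)", "8.4(7.15)", "9.1(5)1", "8.2.5.49", "9.2(1)"]:
        print(v, assess(v, SAMPLE_CONFIG))
```

A result of "affected-gtp-off" still calls for the upgrade, since enabling GTP inspection later would make the code path reachable again.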