Unrated severityNVD Advisory· Published Oct 10, 2014· Updated May 6, 2026

CVE-2014-3388

Description

Cisco ASA Software DNS inspection engine flaw allows remote attackers to cause device reload via crafted DNS packets, affecting versions 9.0, 9.1, and 9.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco ASA Software DNS inspection engine flaw allows remote attackers to cause device reload via crafted DNS packets, affecting versions 9.0, 9.1, and 9.2.

Vulnerability

The DNS inspection engine in Cisco ASA Software versions 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) contains a vulnerability that allows remote attackers to cause a denial of service via crafted DNS packets [1]. The DNS inspection feature is used to inspect DNS traffic passing through the ASA.

Exploitation

An attacker can exploit this vulnerability by sending specially crafted DNS packets to an affected Cisco ASA device. No authentication is required, and the attacker does not need any prior access. The crafted packets trigger a flaw in the DNS inspection engine, leading to a device reload [1].

Impact

Successful exploitation results in a denial of service condition, causing the Cisco ASA to reload. This disrupts all traffic passing through the device, including VPN connections and firewall services. There is no impact on confidentiality or integrity [1].

Mitigation

Cisco has released software updates to address this vulnerability. The fixed versions are 9.0(4.13), 9.1(5.7), and 9.2(2) and later [1]. As a workaround, administrators may consider disabling DNS inspection if it is not required for their environment, though this may impact functionality. The advisory recommends upgrading to the fixed release.

References

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Cisco Adaptive Security Appliance3 versions
cpe:2.3:a:cisco:asa:9.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:cisco:asa:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa:9.2:*:*:*:*:*:*:*
Cisco Systems, Inc./ASA Softwarellm-fuzzy
Range: >=9.0 <9.0(4.13) OR >=9.1 <9.1(5.7) OR >=9.2 <9.2(2)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asanvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000