Unrated severityNVD Advisory· Published Oct 5, 2014· Updated May 6, 2026

CVE-2014-3396

Description

Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133.

Affected products

Cisco Systems, Inc./Asr 9000 Rsp440 Router
cpe:2.3:h:cisco:asr_9000_rsp440_router:-:*:*:*:*:*:*:*
Cisco Systems, Inc./Asr 9001
cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*
Cisco Systems, Inc./Asr 9006
cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*
Cisco Systems, Inc./Asr 9010
cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*
Cisco Systems, Inc./Asr 9904
cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*
Cisco Systems, Inc./Asr 9912
cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*
Cisco Systems, Inc./Asr 9922
cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*
Cisco Systems, Inc./iOS Xr
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000