CVE-2014-3347

Name of the Vulnerable Software and Affected Versions Cisco 1800 Series Integrated Services Routers (ISR) version 15.1(4)M2

Description The issue allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module. This occurs when the ISDN Basic Rate Interface is enabled. An attacker would need to perform the attack exactly when the device polls the hardware encryption module to perform entropy collection. To exploit this vulnerability, an attacker must obtain additional knowledge of the targeted device, such as whether ISDN BRI is configured and connected to an active switched network and whether a service that requires encryption entropy collection is enabled.

Recommendations For Cisco 1800 Series Integrated Services Routers (ISR) version 15.1(4)M2, consider disabling the ISDN Basic Rate Interface (BRI) to minimize the risk of exploitation, as fixed software will not be released due to the device having reached the End of Software Maintenance milestone.