Details of VAR-201503-0115

ID

VAR-201503-0115

CVE

CVE-2015-0635

TITLE

Cisco IOS and IOS XE of Autonomic Networking Infrastructure In the implementation of ANRA Response spoofed vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-001941

DESCRIPTION

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191. Cisco IOS is a popular Internet operating system. Cisco IOS and IOS XE are prone to a content spoofing vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to insert and display spoofed content, which may aid in further attacks. This issue is tracked by Cisco Bug ID CSCup62191

Trust: 2.52

sources: NVD: CVE-2015-0635 // JVNDB: JVNDB-2015-001941 // CNVD: CNVD-2015-02084 // BID: 73341 // VULHUB: VHN-78581

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-02084

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)ja1n	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)s3	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)s2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)s4	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)s1	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)s1	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)s5	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)jab1	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)jn	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)s2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 1.4
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11s.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(2\)s2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(2\)jb1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s.3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)s2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13s.0	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2\(33\)ird1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(1\)ex	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12s.0	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2\(33\)ire3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(25e\)jam1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)ed1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11s.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2\(44\)sq1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11s.3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(25e\)jap1m	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)jnb	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12s.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s.0	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11s.0	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2\(33\)sxi4b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(25e\)jaz1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)s1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12s.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s.5	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)s3	Trust: 1.0
vendor:	cisco	model:	ios 15.4 s	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.13.xs	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.4	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.xs	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.1s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.xs	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.3	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.4	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.xs	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.0-15.4	Trust: 0.6
vendor:	cisco	model:	ios xe 3.10.xs-3.13.xs	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.4 sn1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.4 s2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.4 s1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.3 s2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.13s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.12s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.12s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.12s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.12s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.11s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.11s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.11s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.11s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4sn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4 sn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4 s3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3jnb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3jn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3jab	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3ja	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 s5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 s4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 s3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 s2a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 s1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 jnb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 jn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 jab1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 ja1n	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2jb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2ex	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 jb1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 ex	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0ed	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 ed1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4jaz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4jap	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4jam	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 jaz1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 jap1m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 jam1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ire	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ird	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sq1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sxi4b	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 ire3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 ird1	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2015-02084 // BID: 73341 // JVNDB: JVNDB-2015-001941 // CNNVD: CNNVD-201503-564 // NVD: CVE-2015-0635

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0635
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0635
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-02084
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201503-564
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-78581
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0635
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-02084
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78581
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-02084 // VULHUB: VHN-78581 // JVNDB: JVNDB-2015-001941 // CNNVD: CNNVD-201503-564 // NVD: CVE-2015-0635

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-78581 // JVNDB: JVNDB-2015-001941 // NVD: CVE-2015-0635

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-564

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201503-564

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001941

PATCH

title:	cisco-sa-20150325-ani	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani	Trust: 0.8
title:	37811	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37811	Trust: 0.8
title:	Cisco IOS/IOS XE malformed ANRA reply messages limit patches that bypass the denial of service vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/56792	Trust: 0.6

sources: CNVD: CNVD-2015-02084 // JVNDB: JVNDB-2015-001941

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0635	Trust: 3.4
db:	SECTRACK	id:	1031982	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-001941	Trust: 0.8
db:	CNNVD	id:	CNNVD-201503-564	Trust: 0.7
db:	CNVD	id:	CNVD-2015-02084	Trust: 0.6
db:	BID	id:	73341	Trust: 0.4
db:	VULHUB	id:	VHN-78581	Trust: 0.1

sources: CNVD: CNVD-2015-02084 // VULHUB: VHN-78581 // BID: 73341 // JVNDB: JVNDB-2015-001941 // CNNVD: CNNVD-201503-564 // NVD: CVE-2015-0635

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150325-ani	Trust: 2.6
url:	http://www.securitytracker.com/id/1031982	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0635	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0635	Trust: 0.8
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37811	Trust: 0.3

sources: CNVD: CNVD-2015-02084 // VULHUB: VHN-78581 // BID: 73341 // JVNDB: JVNDB-2015-001941 // CNNVD: CNNVD-201503-564 // NVD: CVE-2015-0635

CREDITS

Cisco

Trust: 0.3

sources: BID: 73341

SOURCES

db:	CNVD	id:	CNVD-2015-02084
db:	VULHUB	id:	VHN-78581
db:	BID	id:	73341
db:	JVNDB	id:	JVNDB-2015-001941
db:	CNNVD	id:	CNNVD-201503-564
db:	NVD	id:	CVE-2015-0635

LAST UPDATE DATE

2024-11-23T22:27:11.510000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02084	date:	2015-03-31T00:00:00
db:	VULHUB	id:	VHN-78581	date:	2015-10-01T00:00:00
db:	BID	id:	73341	date:	2015-03-25T00:00:00
db:	JVNDB	id:	JVNDB-2015-001941	date:	2015-03-30T00:00:00
db:	CNNVD	id:	CNNVD-201503-564	date:	2015-03-27T00:00:00
db:	NVD	id:	CVE-2015-0635	date:	2024-11-21T02:23:26.667

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-02084	date:	2015-03-31T00:00:00
db:	VULHUB	id:	VHN-78581	date:	2015-03-26T00:00:00
db:	BID	id:	73341	date:	2015-03-25T00:00:00
db:	JVNDB	id:	JVNDB-2015-001941	date:	2015-03-30T00:00:00
db:	CNNVD	id:	CNNVD-201503-564	date:	2015-03-27T00:00:00
db:	NVD	id:	CVE-2015-0635	date:	2015-03-26T10:59:00.067