Details of VAR-201503-0116

ID

VAR-201503-0116

CVE

CVE-2015-0636

TITLE

Cisco IOS and IOS XE of Autonomic Networking Infrastructure Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-001942

DESCRIPTION

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293. Cisco IOS is a popular Internet operating system. An attacker can exploit this issues to cause a denial of service condition. This issue is being tracked by Cisco Bug ID CSCup62293

Trust: 2.52

sources: NVD: CVE-2015-0636 // JVNDB: JVNDB-2015-001942 // CNVD: CNVD-2015-02085 // BID: 73343 // VULHUB: VHN-78582

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-02085

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.2\(33\)sxi4b	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2\(33\)ire3	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13s.0	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2\(33\)ird1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12s.0	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s.4	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12s.2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2\(44\)sq1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12s.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12s.3	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 1.4
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)ja1n	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)s3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)jab1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(2\)s2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)jn	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)s2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(2\)jb1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(25e\)jaz1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(1\)ex	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(25e\)jam1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)ed1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)s1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(25e\)jap1m	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)jnb	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)s1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)s2	Trust: 1.0
vendor:	cisco	model:	ios 15.4 s	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.13.xs	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.4	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.xs	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.1s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.xs	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.3	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.4	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.xs	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.0-15.4	Trust: 0.6
vendor:	cisco	model:	ios xe 3.10.xs-3.13.xs	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.4 sn1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.4 s2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.4 s1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.13s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.12s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.12s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.12s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.12s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4sn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4 sn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4 s3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3jnb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3jn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3jab	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3ja	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 jnb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 jn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 jab1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 ja1n	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.3 s2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2jb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2ex	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 jb1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 ex	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0ed	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 ed1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4jaz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4jap	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4jam	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 jaz1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 jap1m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 jam1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ire	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ird	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sq1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sxi4b	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 ire3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 ird1	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2015-02085 // BID: 73343 // JVNDB: JVNDB-2015-001942 // CNNVD: CNNVD-201503-565 // NVD: CVE-2015-0636

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0636
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0636
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-02085
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201503-565
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78582
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0636
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-02085
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78582
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-02085 // VULHUB: VHN-78582 // JVNDB: JVNDB-2015-001942 // CNNVD: CNNVD-201503-565 // NVD: CVE-2015-0636

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-78582 // JVNDB: JVNDB-2015-001942 // NVD: CVE-2015-0636

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-565

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201503-565

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001942

PATCH

title:	cisco-sa-20150325-ani	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani	Trust: 0.8
title:	37812	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37812	Trust: 0.8
title:	Patch for Cisco IOS/IOS XE Malformed AN Message Handling Denial of Service Vulnerability (CNVD-2015-02085)	url:	https://www.cnvd.org.cn/patchInfo/show/56793	Trust: 0.6

sources: CNVD: CNVD-2015-02085 // JVNDB: JVNDB-2015-001942

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0636	Trust: 3.4
db:	SECTRACK	id:	1031982	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-001942	Trust: 0.8
db:	CNNVD	id:	CNNVD-201503-565	Trust: 0.7
db:	CNVD	id:	CNVD-2015-02085	Trust: 0.6
db:	BID	id:	73343	Trust: 0.4
db:	VULHUB	id:	VHN-78582	Trust: 0.1

sources: CNVD: CNVD-2015-02085 // VULHUB: VHN-78582 // BID: 73343 // JVNDB: JVNDB-2015-001942 // CNNVD: CNNVD-201503-565 // NVD: CVE-2015-0636

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150325-ani	Trust: 2.6
url:	http://www.securitytracker.com/id/1031982	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0636	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0636	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37812	Trust: 0.3

sources: CNVD: CNVD-2015-02085 // VULHUB: VHN-78582 // BID: 73343 // JVNDB: JVNDB-2015-001942 // CNNVD: CNNVD-201503-565 // NVD: CVE-2015-0636

CREDITS

Cisco

Trust: 0.3

sources: BID: 73343

SOURCES

db:	CNVD	id:	CNVD-2015-02085
db:	VULHUB	id:	VHN-78582
db:	BID	id:	73343
db:	JVNDB	id:	JVNDB-2015-001942
db:	CNNVD	id:	CNNVD-201503-565
db:	NVD	id:	CVE-2015-0636

LAST UPDATE DATE

2024-11-23T22:27:11.438000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02085	date:	2015-03-31T00:00:00
db:	VULHUB	id:	VHN-78582	date:	2015-10-01T00:00:00
db:	BID	id:	73343	date:	2015-03-25T00:00:00
db:	JVNDB	id:	JVNDB-2015-001942	date:	2015-03-30T00:00:00
db:	CNNVD	id:	CNNVD-201503-565	date:	2015-03-27T00:00:00
db:	NVD	id:	CVE-2015-0636	date:	2024-11-21T02:23:26.777

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-02085	date:	2015-03-31T00:00:00
db:	VULHUB	id:	VHN-78582	date:	2015-03-26T00:00:00
db:	BID	id:	73343	date:	2015-03-25T00:00:00
db:	JVNDB	id:	JVNDB-2015-001942	date:	2015-03-30T00:00:00
db:	CNNVD	id:	CNNVD-201503-565	date:	2015-03-27T00:00:00
db:	NVD	id:	CVE-2015-0636	date:	2015-03-26T10:59:02.473