Details of VAR-201503-0119

ID

VAR-201503-0119

CVE

CVE-2015-0639

TITLE

Cisco IOS XE of Common Flow Table Service disruption in functionality (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-001945

DESCRIPTION

The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S, when MMON or NBAR is enabled, allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets with IPv4 UDP encapsulation, aka Bug ID CSCua79665. Cisco IOS is a popular Internet operating system. Cisco IOS XE Software is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, resulting in a denial of service condition. These issues are being tracked by Cisco Bug IDs CSCuo25741, CSCub68073, CSCua79665 and CSCuq59131. The vulnerability stems from the program's improper handling of IPv6 packets encapsulated in IPv4 UDP packets. The following versions are affected: Cisco IOS XE Release 3.6, Release 3.7 prior to 3.7.1S, Release 3.8 prior to 3.8.0S, Release 3.9 prior to 3.9.0S, Release 3.10 prior to 3.10.0S, Release 3.11 prior to 3.11.0S, Release 3.12.0S prior to Version 3.12, Version 3.13 before 3.13.0S, Version 3.14 before 3.14.0S, Version 3.15 before 3.15.0S

Trust: 2.52

sources: NVD: CVE-2015-0639 // JVNDB: JVNDB-2015-001945 // CNVD: CNVD-2015-02089 // BID: 73337 // VULHUB: VHN-78585

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-02089

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s.3	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6s.2	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6s.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s.5	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6s.0	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s.0	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s.2	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6	Trust: 1.4
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.11	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.0s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.0s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.0s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.8	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.10	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.9	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.0s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.1s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.0s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.12	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.0s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.15	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.13	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.0s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.0s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.14	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.7	Trust: 0.8
vendor:	cisco	model:	ios xe 3.13	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.14	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.15	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.7	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.8	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.9.0s)	scope:	eq	version:	3.9(<	Trust: 0.6
vendor:	cisco	model:	ios xe 3.10	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.11	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.12	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.9s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.9s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.9s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.8s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.8s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.8s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.6s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.6s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.6s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.6s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.5s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.5s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.5s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.5s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4s.6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4s.5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4s.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.3s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.3s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.3s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.2s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.2s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.2s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.2s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1s.6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1s.5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1s.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.13s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.12s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.12s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.11s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.11s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.11s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.0a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.0	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2015-02089 // BID: 73337 // JVNDB: JVNDB-2015-001945 // CNNVD: CNNVD-201503-568 // NVD: CVE-2015-0639

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0639
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0639
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-02089
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201503-568
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78585
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0639
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-02089
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78585
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-02089 // VULHUB: VHN-78585 // JVNDB: JVNDB-2015-001945 // CNNVD: CNNVD-201503-568 // NVD: CVE-2015-0639

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-78585 // JVNDB: JVNDB-2015-001945 // NVD: CVE-2015-0639

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-568

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201503-568

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001945

PATCH

title:	37486	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=37486	Trust: 0.8
title:	cisco-sa-20150325-iosxe	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe	Trust: 0.8
title:	37826	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37826	Trust: 0.8
title:	cisco-sa-20150325-iosxe	url:	http://www.cisco.com/cisco/web/support/JP/112/1128/1128882_cisco-sa-20150325-iosxe-j.html	Trust: 0.8
title:	Cisco IOS XE Common Flow Table (CFT) malformed IPv6 packet handling denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/56798	Trust: 0.6

sources: CNVD: CNVD-2015-02089 // JVNDB: JVNDB-2015-001945

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0639	Trust: 3.4
db:	SECTRACK	id:	1031981	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-001945	Trust: 0.8
db:	CNNVD	id:	CNNVD-201503-568	Trust: 0.7
db:	CNVD	id:	CNVD-2015-02089	Trust: 0.6
db:	BID	id:	73337	Trust: 0.3
db:	VULHUB	id:	VHN-78585	Trust: 0.1

sources: CNVD: CNVD-2015-02089 // VULHUB: VHN-78585 // BID: 73337 // JVNDB: JVNDB-2015-001945 // CNNVD: CNNVD-201503-568 // NVD: CVE-2015-0639

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150325-iosxe	Trust: 2.6
url:	http://www.securitytracker.com/id/1031981	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0639	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0639	Trust: 0.8
url:	http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html	Trust: 0.3

sources: CNVD: CNVD-2015-02089 // VULHUB: VHN-78585 // BID: 73337 // JVNDB: JVNDB-2015-001945 // CNNVD: CNNVD-201503-568 // NVD: CVE-2015-0639

CREDITS

Cisco

Trust: 0.3

sources: BID: 73337

SOURCES

db:	CNVD	id:	CNVD-2015-02089
db:	VULHUB	id:	VHN-78585
db:	BID	id:	73337
db:	JVNDB	id:	JVNDB-2015-001945
db:	CNNVD	id:	CNNVD-201503-568
db:	NVD	id:	CVE-2015-0639

LAST UPDATE DATE

2024-11-23T22:08:09.718000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02089	date:	2015-03-31T00:00:00
db:	VULHUB	id:	VHN-78585	date:	2015-09-04T00:00:00
db:	BID	id:	73337	date:	2015-03-25T00:00:00
db:	JVNDB	id:	JVNDB-2015-001945	date:	2015-03-30T00:00:00
db:	CNNVD	id:	CNNVD-201503-568	date:	2015-03-27T00:00:00
db:	NVD	id:	CVE-2015-0639	date:	2024-11-21T02:23:27.110

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-02089	date:	2015-03-31T00:00:00
db:	VULHUB	id:	VHN-78585	date:	2015-03-26T00:00:00
db:	BID	id:	73337	date:	2015-03-25T00:00:00
db:	JVNDB	id:	JVNDB-2015-001945	date:	2015-03-30T00:00:00
db:	CNNVD	id:	CNNVD-201503-568	date:	2015-03-27T00:00:00
db:	NVD	id:	CVE-2015-0639	date:	2015-03-26T10:59:05.410