Details of VAR-201503-0121

ID

VAR-201503-0121

CVE

CVE-2015-0641

TITLE

Cisco IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-001947

DESCRIPTION

Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted IPv6 packets, aka Bug ID CSCub68073. Cisco IOS is a popular Internet operating system. An attacker can exploit these issues to cause an affected device to reload, resulting in a denial of service condition. These issues are being tracked by Cisco Bug IDs CSCuo25741, CSCub68073, CSCua79665 and CSCuq59131. The following releases are affected: Cisco IOS XE Release 2.x, Release 3.x prior to 3.9.0S, Release 3.10 prior to 3.10.0S, Release 3.11 prior to 3.11.0S, Release 3.12 prior to 3.12.0S, Release 3.13 prior to 3.13.0S, Version 3.14 before 3.14.0S, version 3.15 before 3.15.0S

Trust: 2.52

sources: NVD: CVE-2015-0641 // JVNDB: JVNDB-2015-001947 // CNVD: CNVD-2015-02090 // BID: 73337 // VULHUB: VHN-78587

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-02090

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1s.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1s.2	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6s.2	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1s.3	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6s.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8s.0	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6s.0	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4s.0	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.x	Trust: 1.4
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5s.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2s.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4s.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5s.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3s.0	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1s.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5s.0	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4s.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8s.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2s.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s.7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3s.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4s.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2s.0	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3s.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2s.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1s.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1s.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4s.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s.0	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4s.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4s.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8s.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1s.0	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.x	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.15	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.12	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.10	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.0s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.13	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.0s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.0s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.0s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.14	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.0s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lt	version:	3.11	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.0s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.0s	Trust: 0.8
vendor:	cisco	model:	ios xe 3.13	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.14	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.15	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.10	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.11	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.12	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe 3.9s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.9s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.9s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.8s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.8s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.8s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.7s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.6s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.6s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.6s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.6s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.5s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.5s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.5s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.5s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4s.6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4s.5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4s.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.3s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.3s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.3s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.2s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.2s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.2s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.2s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1s.6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1s.5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1s.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.13s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.12s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.12s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.11s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.11s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.11s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.0a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.10s.0	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2015-02090 // BID: 73337 // JVNDB: JVNDB-2015-001947 // CNNVD: CNNVD-201503-570 // NVD: CVE-2015-0641

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0641
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0641
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-02090
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201503-570
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78587
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0641
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-02090
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78587
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-02090 // VULHUB: VHN-78587 // JVNDB: JVNDB-2015-001947 // CNNVD: CNNVD-201503-570 // NVD: CVE-2015-0641

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-78587 // JVNDB: JVNDB-2015-001947 // NVD: CVE-2015-0641

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-570

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201503-570

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001947

PATCH

title:	37486	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=37486	Trust: 0.8
title:	cisco-sa-20150325-iosxe	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe	Trust: 0.8
title:	37824	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37824	Trust: 0.8
title:	cisco-sa-20150325-iosxe	url:	http://www.cisco.com/cisco/web/support/JP/112/1128/1128882_cisco-sa-20150325-iosxe-j.html	Trust: 0.8
title:	Cisco IOS XE IPv6 Packet Handling Patch for Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/56805	Trust: 0.6

sources: CNVD: CNVD-2015-02090 // JVNDB: JVNDB-2015-001947

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0641	Trust: 3.4
db:	SECTRACK	id:	1031981	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-001947	Trust: 0.8
db:	CNNVD	id:	CNNVD-201503-570	Trust: 0.7
db:	CNVD	id:	CNVD-2015-02090	Trust: 0.6
db:	BID	id:	73337	Trust: 0.3
db:	VULHUB	id:	VHN-78587	Trust: 0.1

sources: CNVD: CNVD-2015-02090 // VULHUB: VHN-78587 // BID: 73337 // JVNDB: JVNDB-2015-001947 // CNNVD: CNNVD-201503-570 // NVD: CVE-2015-0641

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150325-iosxe	Trust: 2.6
url:	http://www.securitytracker.com/id/1031981	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0641	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0641	Trust: 0.8
url:	http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html	Trust: 0.3

sources: CNVD: CNVD-2015-02090 // VULHUB: VHN-78587 // BID: 73337 // JVNDB: JVNDB-2015-001947 // CNNVD: CNNVD-201503-570 // NVD: CVE-2015-0641

CREDITS

Cisco

Trust: 0.3

sources: BID: 73337

SOURCES

db:	CNVD	id:	CNVD-2015-02090
db:	VULHUB	id:	VHN-78587
db:	BID	id:	73337
db:	JVNDB	id:	JVNDB-2015-001947
db:	CNNVD	id:	CNNVD-201503-570
db:	NVD	id:	CVE-2015-0641

LAST UPDATE DATE

2024-11-23T22:08:09.646000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02090	date:	2015-03-31T00:00:00
db:	VULHUB	id:	VHN-78587	date:	2015-09-04T00:00:00
db:	BID	id:	73337	date:	2015-03-25T00:00:00
db:	JVNDB	id:	JVNDB-2015-001947	date:	2015-03-30T00:00:00
db:	CNNVD	id:	CNNVD-201503-570	date:	2015-03-27T00:00:00
db:	NVD	id:	CVE-2015-0641	date:	2024-11-21T02:23:27.337

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-02090	date:	2015-03-31T00:00:00
db:	VULHUB	id:	VHN-78587	date:	2015-03-26T00:00:00
db:	BID	id:	73337	date:	2015-03-25T00:00:00
db:	JVNDB	id:	JVNDB-2015-001947	date:	2015-03-30T00:00:00
db:	CNNVD	id:	CNNVD-201503-570	date:	2015-03-27T00:00:00
db:	NVD	id:	CVE-2015-0641	date:	2015-03-26T10:59:07.020