Details of VAR-201503-0159

ID

VAR-201503-0159

CVE

CVE-2015-0654

TITLE

Cisco Intrusion Prevention System Software management interface MainApp of TLS Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-001811

DESCRIPTION

Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652. Cisco Intrusion Prevention System is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the MainApp process to become unresponsive, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuq40652. The system can immediately interrupt, adjust or isolate some abnormal or harmful network data transmission behaviors

Trust: 1.98

sources: NVD: CVE-2015-0654 // JVNDB: JVNDB-2015-001811 // BID: 73042 // VULHUB: VHN-78600

AFFECTED PRODUCTS

vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.2\(1\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.3\(2\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	7.2\(2\)e4	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system software	scope:	lt	version:	7.3(3)e4	Trust: 0.8
vendor:	cisco	model:	intrusion prevention system 7.2 e4	scope:	-	version:	-	Trust: 0.3

sources: BID: 73042 // JVNDB: JVNDB-2015-001811 // CNNVD: CNNVD-201503-309 // NVD: CVE-2015-0654

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0654
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0654
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201503-309
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78600
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0654
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78600
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78600 // JVNDB: JVNDB-2015-001811 // CNNVD: CNNVD-201503-309 // NVD: CVE-2015-0654

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.9

sources: VULHUB: VHN-78600 // JVNDB: JVNDB-2015-001811 // NVD: CVE-2015-0654

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-309

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201503-309

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001811

PATCH

title:	cisco-sa-20150311-ips	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ips	Trust: 0.8
title:	37708	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37708	Trust: 0.8
title:	cisco-sa-20150311-ips	url:	http://www.cisco.com/cisco/web/support/JP/112/1128/1128754_cisco-sa-20150311-ips-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2015-001811

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0654	Trust: 2.8
db:	SECTRACK	id:	1031908	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-001811	Trust: 0.8
db:	CNNVD	id:	CNNVD-201503-309	Trust: 0.7
db:	BID	id:	73042	Trust: 0.4
db:	VULHUB	id:	VHN-78600	Trust: 0.1

sources: VULHUB: VHN-78600 // BID: 73042 // JVNDB: JVNDB-2015-001811 // CNNVD: CNNVD-201503-309 // NVD: CVE-2015-0654

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150311-ips	Trust: 2.0
url:	http://www.securitytracker.com/id/1031908	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0654	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0654	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37708	Trust: 0.3

sources: VULHUB: VHN-78600 // BID: 73042 // JVNDB: JVNDB-2015-001811 // CNNVD: CNNVD-201503-309 // NVD: CVE-2015-0654

CREDITS

Cisco

Trust: 0.3

sources: BID: 73042

SOURCES

db:	VULHUB	id:	VHN-78600
db:	BID	id:	73042
db:	JVNDB	id:	JVNDB-2015-001811
db:	CNNVD	id:	CNNVD-201503-309
db:	NVD	id:	CVE-2015-0654

LAST UPDATE DATE

2024-11-23T22:59:36.913000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78600	date:	2015-09-11T00:00:00
db:	BID	id:	73042	date:	2015-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2015-001811	date:	2015-03-16T00:00:00
db:	CNNVD	id:	CNNVD-201503-309	date:	2015-03-16T00:00:00
db:	NVD	id:	CVE-2015-0654	date:	2024-11-21T02:23:28.830

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78600	date:	2015-03-13T00:00:00
db:	BID	id:	73042	date:	2015-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2015-001811	date:	2015-03-16T00:00:00
db:	CNNVD	id:	CNNVD-201503-309	date:	2015-03-16T00:00:00
db:	NVD	id:	CVE-2015-0654	date:	2015-03-13T01:59:33.240