Details of VAR-201504-0269

ID

VAR-201504-0269

CVE

CVE-2015-0688

TITLE

Embedded Services Processor Have a module ASR 1000 Runs on series devices Cisco IOS XE Denial of service in Japan (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002089

DESCRIPTION

Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070. Cisco ASR is an integrated services router solution from Cisco that uses the IOS XR Software module operating system to provide carrier-class reliability. A denial of service vulnerability exists in the Cisco ASR 1000 appliance, allowing remote attackers to exploit the vulnerability to initiate a denial of service attack through the H323 protocol packet. Attackers can exploit this issue to crash the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCup21070

Trust: 2.52

sources: NVD: CVE-2015-0688 // JVNDB: JVNDB-2015-002089 // CNVD: CNVD-2015-02290 // BID: 73914 // VULHUB: VHN-78634

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-02290

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	13.10.2s	Trust: 1.6
vendor:	cisco	model:	asr 1001 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1001-x router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1002 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1002-x router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1004 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1006 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1013 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.2s	Trust: 0.8
vendor:	cisco	model:	asr	scope:	eq	version:	1000	Trust: 0.6
vendor:	cisco	model:	ios xe software 3.10s.2	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2015-02290 // BID: 73914 // JVNDB: JVNDB-2015-002089 // CNNVD: CNNVD-201504-067 // NVD: CVE-2015-0688

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0688
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0688
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-02290
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201504-067
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78634
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0688
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-02290
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78634
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-02290 // VULHUB: VHN-78634 // JVNDB: JVNDB-2015-002089 // CNNVD: CNNVD-201504-067 // NVD: CVE-2015-0688

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-78634 // JVNDB: JVNDB-2015-002089 // NVD: CVE-2015-0688

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-067

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201504-067

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002089

PATCH

title:	38210	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=38210	Trust: 0.8
title:	Patch for Cisco ASR Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/57122	Trust: 0.6

sources: CNVD: CNVD-2015-02290 // JVNDB: JVNDB-2015-002089

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0688	Trust: 3.4
db:	SECTRACK	id:	1032023	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002089	Trust: 0.8
db:	CNVD	id:	CNVD-2015-02290	Trust: 0.6
db:	CNNVD	id:	CNNVD-201504-067	Trust: 0.6
db:	BID	id:	73914	Trust: 0.4
db:	VULHUB	id:	VHN-78634	Trust: 0.1

sources: CNVD: CNVD-2015-02290 // VULHUB: VHN-78634 // BID: 73914 // JVNDB: JVNDB-2015-002089 // CNNVD: CNNVD-201504-067 // NVD: CVE-2015-0688

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38210	Trust: 2.6
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0688	Trust: 1.4
url:	http://www.securitytracker.com/id/1032023	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0688	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-02290 // VULHUB: VHN-78634 // BID: 73914 // JVNDB: JVNDB-2015-002089 // CNNVD: CNNVD-201504-067 // NVD: CVE-2015-0688

CREDITS

Cisco

Trust: 0.3

sources: BID: 73914

SOURCES

db:	CNVD	id:	CNVD-2015-02290
db:	VULHUB	id:	VHN-78634
db:	BID	id:	73914
db:	JVNDB	id:	JVNDB-2015-002089
db:	CNNVD	id:	CNNVD-201504-067
db:	NVD	id:	CVE-2015-0688

LAST UPDATE DATE

2024-11-23T22:52:44.722000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02290	date:	2015-04-10T00:00:00
db:	VULHUB	id:	VHN-78634	date:	2015-09-29T00:00:00
db:	BID	id:	73914	date:	2015-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2015-002089	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-067	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0688	date:	2024-11-21T02:23:32.420

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-02290	date:	2015-04-10T00:00:00
db:	VULHUB	id:	VHN-78634	date:	2015-04-04T00:00:00
db:	BID	id:	73914	date:	2015-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2015-002089	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-067	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0688	date:	2015-04-04T01:59:02.593