Details of VAR-201504-0289

ID

VAR-201504-0289

CVE

CVE-2015-0710

TITLE

Cisco IOS XE Overlay Transport Virtualization Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-02814 // CNNVD: CNNVD-201504-570

DESCRIPTION

The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling, aka Bug IDs CSCup37676 and CSCup30335. Cisco IOS XE is an operating system developed by Cisco Systems for its network devices. A remote attacker could exploit the vulnerability to cause a denial of service (device reload). This issue is being tracked by Cisco Bug ID's CSCup37676 and CSCup30335

Trust: 2.52

sources: NVD: CVE-2015-0710 // JVNDB: JVNDB-2015-002511 // CNVD: CNVD-2015-02814 // BID: 74386 // VULHUB: VHN-78656

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-02814

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s.01	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s	Trust: 0.8
vendor:	cisco	model:	ios xe 3.10s	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe software 3.10s.01	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2015-02814 // BID: 74386 // JVNDB: JVNDB-2015-002511 // CNNVD: CNNVD-201504-570 // NVD: CVE-2015-0710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0710
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0710
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-02814
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201504-570
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78656
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0710
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-02814
severity:	MEDIUM
baseScore:	5.7
vectorString:	AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78656
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-02814 // VULHUB: VHN-78656 // JVNDB: JVNDB-2015-002511 // CNNVD: CNNVD-201504-570 // NVD: CVE-2015-0710

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-78656 // JVNDB: JVNDB-2015-002511 // NVD: CVE-2015-0710

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201504-570

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201504-570

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002511

PATCH

title:	38549	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=38549	Trust: 0.8
title:	Patch for Cisco IOS XE Overlay Transport Virtualization Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/57891	Trust: 0.6

sources: CNVD: CNVD-2015-02814 // JVNDB: JVNDB-2015-002511

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0710	Trust: 3.4
db:	SECTRACK	id:	1032212	Trust: 1.1
db:	BID	id:	74386	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-002511	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-570	Trust: 0.7
db:	CNVD	id:	CNVD-2015-02814	Trust: 0.6
db:	VULHUB	id:	VHN-78656	Trust: 0.1

sources: CNVD: CNVD-2015-02814 // VULHUB: VHN-78656 // BID: 74386 // JVNDB: JVNDB-2015-002511 // CNNVD: CNNVD-201504-570 // NVD: CVE-2015-0710

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38549	Trust: 2.6
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0710	Trust: 1.4
url:	http://www.securitytracker.com/id/1032212	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0710	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-02814 // VULHUB: VHN-78656 // BID: 74386 // JVNDB: JVNDB-2015-002511 // CNNVD: CNNVD-201504-570 // NVD: CVE-2015-0710

CREDITS

Cisco

Trust: 0.3

sources: BID: 74386

SOURCES

db:	CNVD	id:	CNVD-2015-02814
db:	VULHUB	id:	VHN-78656
db:	BID	id:	74386
db:	JVNDB	id:	JVNDB-2015-002511
db:	CNNVD	id:	CNNVD-201504-570
db:	NVD	id:	CVE-2015-0710

LAST UPDATE DATE

2024-11-23T22:59:36.633000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02814	date:	2015-04-30T00:00:00
db:	VULHUB	id:	VHN-78656	date:	2015-09-10T00:00:00
db:	BID	id:	74386	date:	2015-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2015-002511	date:	2015-04-30T00:00:00
db:	CNNVD	id:	CNNVD-201504-570	date:	2015-04-29T00:00:00
db:	NVD	id:	CVE-2015-0710	date:	2024-11-21T02:23:34.853

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-02814	date:	2015-04-30T00:00:00
db:	VULHUB	id:	VHN-78656	date:	2015-04-29T00:00:00
db:	BID	id:	74386	date:	2015-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2015-002511	date:	2015-04-30T00:00:00
db:	CNNVD	id:	CNNVD-201504-570	date:	2015-04-29T00:00:00
db:	NVD	id:	CVE-2015-0710	date:	2015-04-29T01:59:02.247