Details of VAR-201504-0290

ID

VAR-201504-0290

CVE

CVE-2015-0711

TITLE

Cisco ASR 5000 Series StarOS Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-02815 // CNNVD: CNNVD-201504-571

DESCRIPTION

The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711. Vendors have confirmed this vulnerability Bug ID CSCut94711 It is released as.Malformed by a third party PM Service disruption via packets ( Reload services and stop call processing ) There is a possibility of being put into a state. The Cisco ASR 5000 Series is a 5000 series wireless controller product from Cisco. StarOS is a virtualized operating system that dynamically allocates resources for mobile services and networks running in the 5000 Series wireless controller products. Successful exploitation of the issue will cause the device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCut94711

Trust: 2.52

sources: NVD: CVE-2015-0711 // JVNDB: JVNDB-2015-002512 // CNVD: CNVD-2015-02815 // BID: 74388 // VULHUB: VHN-78657

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-02815

AFFECTED PRODUCTS

vendor:	cisco	model:	staros	scope:	eq	version:	18.1.0.59776	Trust: 3.0
vendor:	cisco	model:	asr 5000 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 5500 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 5700 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr series software	scope:	eq	version:	500018.1.0.59776	Trust: 0.3
vendor:	cisco	model:	asr series software	scope:	eq	version:	500018.1	Trust: 0.3

sources: CNVD: CNVD-2015-02815 // BID: 74388 // JVNDB: JVNDB-2015-002512 // CNNVD: CNNVD-201504-571 // NVD: CVE-2015-0711

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0711
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0711
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-02815
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201504-571
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78657
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0711
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-02815
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78657
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-02815 // VULHUB: VHN-78657 // JVNDB: JVNDB-2015-002512 // CNNVD: CNNVD-201504-571 // NVD: CVE-2015-0711

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-78657 // JVNDB: JVNDB-2015-002512 // NVD: CVE-2015-0711

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-571

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201504-571

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002512

PATCH

title:	38557	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=38557	Trust: 0.8
title:	Cisco ASR 5000 Series StarOS Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/57892	Trust: 0.6

sources: CNVD: CNVD-2015-02815 // JVNDB: JVNDB-2015-002512

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0711	Trust: 3.4
db:	SECTRACK	id:	1032213	Trust: 1.1
db:	BID	id:	74388	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-002512	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-571	Trust: 0.7
db:	CNVD	id:	CNVD-2015-02815	Trust: 0.6
db:	VULHUB	id:	VHN-78657	Trust: 0.1

sources: CNVD: CNVD-2015-02815 // VULHUB: VHN-78657 // BID: 74388 // JVNDB: JVNDB-2015-002512 // CNNVD: CNNVD-201504-571 // NVD: CVE-2015-0711

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38557	Trust: 2.6
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0711	Trust: 1.4
url:	http://www.securitytracker.com/id/1032213	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0711	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-02815 // VULHUB: VHN-78657 // BID: 74388 // JVNDB: JVNDB-2015-002512 // CNNVD: CNNVD-201504-571 // NVD: CVE-2015-0711

CREDITS

Cisco

Trust: 0.3

sources: BID: 74388

SOURCES

db:	CNVD	id:	CNVD-2015-02815
db:	VULHUB	id:	VHN-78657
db:	BID	id:	74388
db:	JVNDB	id:	JVNDB-2015-002512
db:	CNNVD	id:	CNNVD-201504-571
db:	NVD	id:	CVE-2015-0711

LAST UPDATE DATE

2024-11-23T21:44:19.040000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02815	date:	2015-04-30T00:00:00
db:	VULHUB	id:	VHN-78657	date:	2015-09-10T00:00:00
db:	BID	id:	74388	date:	2015-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2015-002512	date:	2015-04-30T00:00:00
db:	CNNVD	id:	CNNVD-201504-571	date:	2015-04-29T00:00:00
db:	NVD	id:	CVE-2015-0711	date:	2024-11-21T02:23:34.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-02815	date:	2015-04-30T00:00:00
db:	VULHUB	id:	VHN-78657	date:	2015-04-29T00:00:00
db:	BID	id:	74388	date:	2015-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2015-002512	date:	2015-04-30T00:00:00
db:	CNNVD	id:	CNNVD-201504-571	date:	2015-04-29T00:00:00
db:	NVD	id:	CVE-2015-0711	date:	2015-04-29T01:59:03.183