Details of VAR-201505-0186

ID

VAR-201505-0186

CVE

CVE-2015-0742

TITLE

Cisco Adaptive Security Appliance Software Protocol Independent Multicast Service disruption in applications (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-002769

DESCRIPTION

The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registration, which allows remote attackers to cause a denial of service (forwarding outage) via a crafted multicast packet, aka Bug ID CSCus74398. Vendors have confirmed this vulnerability Bug ID CSCus74398 It is released as. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlDenial of service operation via a specially crafted multicast packet by a third party ( Transfer stop ) There is a possibility of being put into a state. Cisco Adaptive Security Appliance Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to trigger a denial-of condition, denying service to legitimate users. Protocol Independent Multicast (PIM) application is a collection of multicast routing protocols. The vulnerability stems from the program not properly implementing the multicast-forwarding registration function. The following releases are affected: Cisco ASA Software Release 9.2(0.0), Release 9.2(0.104), Release 9.2(3.1), Release 9.2(3.4), Release 9.3(1.105), Release 9.3(2.100), Release 9.4(0.115), 100.13(0.21) version, 100.13(20.3) version, 100.13(21.9) version, 100.14(1.1) version

Trust: 1.98

sources: NVD: CVE-2015-0742 // JVNDB: JVNDB-2015-002769 // BID: 74750 // VULHUB: VHN-78688

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4\(0.115\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2\(3.4\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2\(3.1\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	100.13\(21.9\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2\(0.0\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	100.13\(20.3\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	100.14\(1.1\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3\(2.100\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3\(1.105\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2\(0.104\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3(2.100)	Trust: 1.1
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3(1.105)	Trust: 1.1
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(3.4)	Trust: 1.1
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(0.104)	Trust: 1.1
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(0.0)	Trust: 1.1
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	100.14(1.1)	Trust: 1.1
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	100.13(20.3)	Trust: 1.1
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	100.13(0.21)	Trust: 1.1
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	100.13\(0.21\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	100.13(21.9)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(3.1)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4(0.115)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.(0.115)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.(3.1)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	100.12(21.9)	Trust: 0.3

sources: BID: 74750 // JVNDB: JVNDB-2015-002769 // CNNVD: CNNVD-201505-458 // NVD: CVE-2015-0742

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0742
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0742
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201505-458
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78688
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0742
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78688
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78688 // JVNDB: JVNDB-2015-002769 // CNNVD: CNNVD-201505-458 // NVD: CVE-2015-0742

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-78688 // JVNDB: JVNDB-2015-002769 // NVD: CVE-2015-0742

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-458

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201505-458

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002769

PATCH

title:

38937

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=38937

Trust: 0.8

sources: JVNDB: JVNDB-2015-002769

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0742	Trust: 2.8
db:	BID	id:	74750	Trust: 1.4
db:	SECTRACK	id:	1032381	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002769	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-458	Trust: 0.7
db:	SECUNIA	id:	64621	Trust: 0.6
db:	VULHUB	id:	VHN-78688	Trust: 0.1

sources: VULHUB: VHN-78688 // BID: 74750 // JVNDB: JVNDB-2015-002769 // CNNVD: CNNVD-201505-458 // NVD: CVE-2015-0742

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38937	Trust: 2.0
url:	http://www.securityfocus.com/bid/74750	Trust: 1.1
url:	http://www.securitytracker.com/id/1032381	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0742	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0742	Trust: 0.8
url:	http://secunia.com/advisories/64621	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-78688 // BID: 74750 // JVNDB: JVNDB-2015-002769 // CNNVD: CNNVD-201505-458 // NVD: CVE-2015-0742

CREDITS

Cisco

Trust: 0.3

sources: BID: 74750

SOURCES

db:	VULHUB	id:	VHN-78688
db:	BID	id:	74750
db:	JVNDB	id:	JVNDB-2015-002769
db:	CNNVD	id:	CNNVD-201505-458
db:	NVD	id:	CVE-2015-0742

LAST UPDATE DATE

2024-11-23T22:08:07.339000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78688	date:	2017-01-06T00:00:00
db:	BID	id:	74750	date:	2015-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-002769	date:	2015-05-22T00:00:00
db:	CNNVD	id:	CNNVD-201505-458	date:	2015-05-22T00:00:00
db:	NVD	id:	CVE-2015-0742	date:	2024-11-21T02:23:38.227

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78688	date:	2015-05-21T00:00:00
db:	BID	id:	74750	date:	2015-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-002769	date:	2015-05-22T00:00:00
db:	CNNVD	id:	CNNVD-201505-458	date:	2015-05-22T00:00:00
db:	NVD	id:	CVE-2015-0742	date:	2015-05-21T10:59:02.067