Sign-up

ID

VAR-201506-0292


CVE

CVE-2015-4203


TITLE

Cisco uBR10000 Runs on the device PRE Module Cisco IOS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-003246

DESCRIPTION

Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396. (PXF Process crash ) There are vulnerabilities that are put into a state. Vendors have confirmed this vulnerability Bug ID CSCud83396 It is released as.Malformed by a third party MPLS 6VPE Interfering with service operation by sending packets at high speed (PXF Process crash ) There is a possibility of being put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS Software is prone to a remote denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCud83396

Trust: 2.52

sources: NVD: CVE-2015-4203 // JVNDB: JVNDB-2015-003246 // CNVD: CNVD-2015-04116 // BID: 75339 // VULHUB: VHN-82164

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-04116

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:12.2sch

Trust: 1.8

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sch

Trust: 1.0

vendor:ciscomodel:ios 12.2schscope: - version: -

Trust: 0.9

vendor:ciscomodel:iosscope:eqversion:12.2(33)sch

Trust: 0.8

vendor:ciscomodel:ubr10000 for router cable modem termination systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios 12.2 schscope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2015-04116 // BID: 75339 // JVNDB: JVNDB-2015-003246 // NVD: CVE-2015-4203

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4203
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4203
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-04116
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-404
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82164
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4203
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-04116
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-82164
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-04116 // VULHUB: VHN-82164 // JVNDB: JVNDB-2015-003246 // CNNVD: CNNVD-201506-404 // NVD: CVE-2015-4203

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-82164 // JVNDB: JVNDB-2015-003246 // NVD: CVE-2015-4203

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-404

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201506-404

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003246

PATCH
title:39439url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39439
Trust: 0.8
title:Patch for Cisco IOS Software UBR Devices IPv6 VPN Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/60186
Trust: 0.6
title:Cisco IOS Repair measures for the competition condition problem loopholeurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170531
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-04116 // 
            
            
            
            JVNDB: JVNDB-2015-003246 // 
            
            
            
            CNNVD: CNNVD-201506-404

EXTERNAL IDS
db:NVDid:CVE-2015-4203
Trust: 3.4
db:BIDid:75339
Trust: 2.0
db:SECTRACKid:1032692
Trust: 1.1
db:JVNDBid:JVNDB-2015-003246
Trust: 0.8
db:CNVDid:CNVD-2015-04116
Trust: 0.6
db:CNNVDid:CNNVD-201506-404
Trust: 0.6
db:VULHUBid:VHN-82164
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-04116 // 
            
            
            
            VULHUB: VHN-82164 // 
            
            
            
            BID: 75339 // 
            
            
            
            JVNDB: JVNDB-2015-003246 // 
            
            
            
            CNNVD: CNNVD-201506-404 // 
            
            
            
            NVD: CVE-2015-4203

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39439
Trust: 2.6
url:http://www.securityfocus.com/bid/75339
Trust: 1.1
url:http://www.securitytracker.com/id/1032692
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4203
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4203
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-04116 // 
            
            
            
            VULHUB: VHN-82164 // 
            
            
            
            BID: 75339 // 
            
            
            
            JVNDB: JVNDB-2015-003246 // 
            
            
            
            CNNVD: CNNVD-201506-404 // 
            
            
            
            NVD: CVE-2015-4203

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75339

SOURCES
db:CNVDid:CNVD-2015-04116
db:VULHUBid:VHN-82164
db:BIDid:75339
db:JVNDBid:JVNDB-2015-003246
db:CNNVDid:CNNVD-201506-404
db:NVDid:CVE-2015-4203

LAST UPDATE DATE
2024-11-23T21:54:57.558000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-04116date:2015-06-30T00:00:00
db:VULHUBid:VHN-82164date:2016-12-28T00:00:00
db:BIDid:75339date:2015-06-22T00:00:00
db:JVNDBid:JVNDB-2015-003246date:2015-06-24T00:00:00
db:CNNVDid:CNNVD-201506-404date:2021-11-22T00:00:00
db:NVDid:CVE-2015-4203date:2024-11-21T02:30:37.540

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-04116date:2015-06-30T00:00:00
db:VULHUBid:VHN-82164date:2015-06-23T00:00:00
db:BIDid:75339date:2015-06-22T00:00:00
db:JVNDBid:JVNDB-2015-003246date:2015-06-24T00:00:00
db:CNNVDid:CNNVD-201506-404date:2015-06-23T00:00:00
db:NVDid:CVE-2015-4203date:2015-06-23T14:59:01.370