Details of VAR-201506-0293

ID

VAR-201506-0293

CVE

CVE-2015-4204

TITLE

Cisco uBR10000 Runs on the device PRE Module Cisco IOS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-003247

DESCRIPTION

Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS Software is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the PXF process in the PRE module on an affected device to crash, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCue65051

Trust: 2.52

sources: NVD: CVE-2015-4204 // JVNDB: JVNDB-2015-003247 // CNVD: CNVD-2015-04005 // BID: 75337 // VULHUB: VHN-82165

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-04005

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 2.7
vendor:	cisco	model:	ios	scope:	eq	version:	12.2\(33\)	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2(33)	Trust: 1.1
vendor:	cisco	model:	ubr10000 for router cable modem termination system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2015-04005 // BID: 75337 // JVNDB: JVNDB-2015-003247 // CNNVD: CNNVD-201506-402 // NVD: CVE-2015-4204

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4204
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4204
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-04005
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201506-402
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82165
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4204
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-04005
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82165
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-04005 // VULHUB: VHN-82165 // JVNDB: JVNDB-2015-003247 // CNNVD: CNNVD-201506-402 // NVD: CVE-2015-4204

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-82165 // JVNDB: JVNDB-2015-003247 // NVD: CVE-2015-4204

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-402

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201506-402

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003247

PATCH

title:	39440	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39440	Trust: 0.8
title:	Patch for Cisco IOS Software UBR Devices SNMP Subsystem Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/60013	Trust: 0.6

sources: CNVD: CNVD-2015-04005 // JVNDB: JVNDB-2015-003247

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4204	Trust: 3.4
db:	BID	id:	75337	Trust: 2.0
db:	SECTRACK	id:	1032692	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003247	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-402	Trust: 0.7
db:	CNVD	id:	CNVD-2015-04005	Trust: 0.6
db:	VULHUB	id:	VHN-82165	Trust: 0.1

sources: CNVD: CNVD-2015-04005 // VULHUB: VHN-82165 // BID: 75337 // JVNDB: JVNDB-2015-003247 // CNNVD: CNNVD-201506-402 // NVD: CVE-2015-4204

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39440	Trust: 2.6
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4204	Trust: 1.4
url:	http://www.securityfocus.com/bid/75337	Trust: 1.1
url:	http://www.securitytracker.com/id/1032692	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4204	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3

sources: CNVD: CNVD-2015-04005 // VULHUB: VHN-82165 // BID: 75337 // JVNDB: JVNDB-2015-003247 // CNNVD: CNNVD-201506-402 // NVD: CVE-2015-4204

CREDITS

Cisco

Trust: 0.3

sources: BID: 75337

SOURCES

db:	CNVD	id:	CNVD-2015-04005
db:	VULHUB	id:	VHN-82165
db:	BID	id:	75337
db:	JVNDB	id:	JVNDB-2015-003247
db:	CNNVD	id:	CNNVD-201506-402
db:	NVD	id:	CVE-2015-4204

LAST UPDATE DATE

2024-11-23T21:54:57.628000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-04005	date:	2015-06-26T00:00:00
db:	VULHUB	id:	VHN-82165	date:	2016-12-28T00:00:00
db:	BID	id:	75337	date:	2015-06-22T00:00:00
db:	JVNDB	id:	JVNDB-2015-003247	date:	2015-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201506-402	date:	2015-06-24T00:00:00
db:	NVD	id:	CVE-2015-4204	date:	2024-11-21T02:30:37.660

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-04005	date:	2015-06-26T00:00:00
db:	VULHUB	id:	VHN-82165	date:	2015-06-23T00:00:00
db:	BID	id:	75337	date:	2015-06-22T00:00:00
db:	JVNDB	id:	JVNDB-2015-003247	date:	2015-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201506-402	date:	2015-06-24T00:00:00
db:	NVD	id:	CVE-2015-4204	date:	2015-06-23T12:59:01.367