Sign-up

ID

VAR-201507-0503


CVE

CVE-2015-4273


TITLE

Cisco ASR 5000 Device software Packet Data Network Gateway Service disruption in components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-003853

DESCRIPTION

The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager outage) via malformed fields in an IP packet, aka Bug ID CSCut38476. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). Cisco Packet Data Network Gateway is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the Session Manager service on an affected device to become unresponsive, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCut38476. Cisco ASR 5000 Series is the 5000 series wireless controller products of Cisco (Cisco). The following releases are affected: Cisco ASR 5000 devices using Release 15.0(912), Release 15.0(935), and Release 15.0(938) software

Trust: 2.52

sources: NVD: CVE-2015-4273 // JVNDB: JVNDB-2015-003853 // CNVD: CNVD-2015-04675 // BID: 75905 // VULHUB: VHN-82234

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-04675

AFFECTED PRODUCTS

vendor:ciscomodel:asr 5000 series softwarescope:eqversion:15.0\(912\)

Trust: 1.6

vendor:ciscomodel:asr 5000 series softwarescope:eqversion:15.0\(935\)

Trust: 1.6

vendor:ciscomodel:asr 5000 series softwarescope:eqversion:15.0\(938\)

Trust: 1.6

vendor:ciscomodel:asr 5000 series softwarescope:eqversion:15.0 (912)

Trust: 0.8

vendor:ciscomodel:asr 5000 series softwarescope:eqversion:15.0 (935)

Trust: 0.8

vendor:ciscomodel:asr 5000 series softwarescope:eqversion:15.0 (938)

Trust: 0.8

vendor:ciscomodel:asr devices with softwarescope:eqversion:500015.0(912)

Trust: 0.6

vendor:ciscomodel:asr devices with softwarescope:eqversion:500015.0(935)

Trust: 0.6

vendor:ciscomodel:asr devices with softwarescope:eqversion:500015.0(938)

Trust: 0.6

vendor:ciscomodel:asr series softwarescope:eqversion:500015.0(938)

Trust: 0.3

vendor:ciscomodel:asr series softwarescope:eqversion:500015.0(935)

Trust: 0.3

vendor:ciscomodel:asr series softwarescope:eqversion:500015.0(912)

Trust: 0.3

sources: CNVD: CNVD-2015-04675 // BID: 75905 // JVNDB: JVNDB-2015-003853 // CNNVD: CNNVD-201507-430 // NVD: CVE-2015-4273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4273
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4273
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-04675
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201507-430
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82234
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4273
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-04675
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-82234
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-04675 // VULHUB: VHN-82234 // JVNDB: JVNDB-2015-003853 // CNNVD: CNNVD-201507-430 // NVD: CVE-2015-4273

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-82234 // JVNDB: JVNDB-2015-003853 // NVD: CVE-2015-4273

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-430

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201507-430

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003853

PATCH
title:39907url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39907
Trust: 0.8
title:Patch for Cisco ASR Denial of Service Vulnerability (CNVD-2015-04675)url:https://www.cnvd.org.cn/patchInfo/show/61189
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-04675 // 
            
            
            
            JVNDB: JVNDB-2015-003853

EXTERNAL IDS
db:NVDid:CVE-2015-4273
Trust: 3.4
db:SECTRACKid:1032928
Trust: 1.1
db:BIDid:75905
Trust: 1.0
db:JVNDBid:JVNDB-2015-003853
Trust: 0.8
db:CNNVDid:CNNVD-201507-430
Trust: 0.7
db:CNVDid:CNVD-2015-04675
Trust: 0.6
db:VULHUBid:VHN-82234
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-04675 // 
            
            
            
            VULHUB: VHN-82234 // 
            
            
            
            BID: 75905 // 
            
            
            
            JVNDB: JVNDB-2015-003853 // 
            
            
            
            CNNVD: CNNVD-201507-430 // 
            
            
            
            NVD: CVE-2015-4273

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39907
Trust: 2.6
url:http://www.securitytracker.com/id/1032928
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4273
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4273
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-04675 // 
            
            
            
            VULHUB: VHN-82234 // 
            
            
            
            BID: 75905 // 
            
            
            
            JVNDB: JVNDB-2015-003853 // 
            
            
            
            CNNVD: CNNVD-201507-430 // 
            
            
            
            NVD: CVE-2015-4273

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75905

SOURCES
db:CNVDid:CNVD-2015-04675
db:VULHUBid:VHN-82234
db:BIDid:75905
db:JVNDBid:JVNDB-2015-003853
db:CNNVDid:CNNVD-201507-430
db:NVDid:CVE-2015-4273

LAST UPDATE DATE
2024-11-23T21:54:55.835000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-04675date:2015-07-21T00:00:00
db:VULHUBid:VHN-82234date:2016-12-28T00:00:00
db:BIDid:75905date:2015-07-15T00:00:00
db:JVNDBid:JVNDB-2015-003853date:2015-07-22T00:00:00
db:CNNVDid:CNNVD-201507-430date:2015-07-16T00:00:00
db:NVDid:CVE-2015-4273date:2024-11-21T02:30:44.777

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-04675date:2015-07-21T00:00:00
db:VULHUBid:VHN-82234date:2015-07-15T00:00:00
db:BIDid:75905date:2015-07-15T00:00:00
db:JVNDBid:JVNDB-2015-003853date:2015-07-22T00:00:00
db:CNNVDid:CNNVD-201507-430date:2015-07-16T00:00:00
db:NVDid:CVE-2015-4273date:2015-07-15T14:59:02.940