Details of VAR-201507-0531

ID

VAR-201507-0531

CVE

CVE-2015-4243

TITLE

Cisco ASR 1000 Runs on the device Cisco IOS XE of PPPoE establishment Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-003494

DESCRIPTION

The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug ID CSCty94202. This issue is being tracked by Cisco Bug ID CSCty94202

Trust: 2.52

sources: NVD: CVE-2015-4243 // JVNDB: JVNDB-2015-003494 // CNVD: CNVD-2015-04437 // BID: 75585 // VULHUB: VHN-82204

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-04437

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.0s	Trust: 2.4
vendor:	cisco	model:	asr 1001 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1001-x router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1002 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1002-x router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1004 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1006 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1013 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr	scope:	eq	version:	1000	Trust: 0.6
vendor:	cisco	model:	ios xe 3.5.0s	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe software 3.5s.0	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2015-04437 // BID: 75585 // JVNDB: JVNDB-2015-003494 // CNNVD: CNNVD-201507-195 // NVD: CVE-2015-4243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4243
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4243
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-04437
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201507-195
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82204
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4243
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-04437
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82204
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-04437 // VULHUB: VHN-82204 // JVNDB: JVNDB-2015-003494 // CNNVD: CNNVD-201507-195 // NVD: CVE-2015-4243

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-82204 // JVNDB: JVNDB-2015-003494 // NVD: CVE-2015-4243

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201507-195

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201507-195

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003494

PATCH

title:	39675	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39675	Trust: 0.8
title:	Patch for Cisco ASR 1000 IOS XE PPPoE Process Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/60678	Trust: 0.6

sources: CNVD: CNVD-2015-04437 // JVNDB: JVNDB-2015-003494

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4243	Trust: 3.4
db:	SECTRACK	id:	1032805	Trust: 1.1
db:	BID	id:	75585	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-003494	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-195	Trust: 0.7
db:	CNVD	id:	CNVD-2015-04437	Trust: 0.6
db:	VULHUB	id:	VHN-82204	Trust: 0.1

sources: CNVD: CNVD-2015-04437 // VULHUB: VHN-82204 // BID: 75585 // JVNDB: JVNDB-2015-003494 // CNNVD: CNNVD-201507-195 // NVD: CVE-2015-4243

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39675	Trust: 2.6
url:	http://www.securitytracker.com/id/1032805	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4243	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4243	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html	Trust: 0.3

sources: CNVD: CNVD-2015-04437 // VULHUB: VHN-82204 // BID: 75585 // JVNDB: JVNDB-2015-003494 // CNNVD: CNNVD-201507-195 // NVD: CVE-2015-4243

CREDITS

Cisco

Trust: 0.3

sources: BID: 75585

SOURCES

db:	CNVD	id:	CNVD-2015-04437
db:	VULHUB	id:	VHN-82204
db:	BID	id:	75585
db:	JVNDB	id:	JVNDB-2015-003494
db:	CNNVD	id:	CNNVD-201507-195
db:	NVD	id:	CVE-2015-4243

LAST UPDATE DATE

2024-11-23T22:01:44.161000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-04437	date:	2015-07-14T00:00:00
db:	VULHUB	id:	VHN-82204	date:	2016-12-29T00:00:00
db:	BID	id:	75585	date:	2015-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2015-003494	date:	2015-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201507-195	date:	2015-07-13T00:00:00
db:	NVD	id:	CVE-2015-4243	date:	2024-11-21T02:30:42.300

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-04437	date:	2015-07-14T00:00:00
db:	VULHUB	id:	VHN-82204	date:	2015-07-08T00:00:00
db:	BID	id:	75585	date:	2015-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2015-003494	date:	2015-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201507-195	date:	2015-07-09T00:00:00
db:	NVD	id:	CVE-2015-4243	date:	2015-07-08T14:59:03.817