ID

VAR-201508-0094


CVE

CVE-2015-6267


TITLE

Denial-of-service (DoS) vulnerability in Cisco IOS XE running on Cisco ASR 1000 devices

Trust: 0.8

sources: JVNDB: JVNDB-2015-004507

DESCRIPTION

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496. The Cisco ASR 1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. A security vulnerability exists in the way the Cisco ASR 1000 Series Router handles L2TP, allowing remote attackers to crash the target ESP and overload the target device by sending special messages. The Cisco ASR 1000 Series Routers are prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCsw95722 and CSCsw95496.

Trust: 2.52

sources: NVD: CVE-2015-6267 // JVNDB: JVNDB-2015-004507 // CNVD: CNVD-2015-05749 // BID: 76525 // VULHUB: VHN-84228

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-05749

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 2.2.2

Trust: 1.6

vendor: cisco, model: ios xe, scope: eq, version: 2.2.1

Trust: 1.6

vendor: cisco, model: ios xe, scope: eq, version: 2.2 .1

Trust: 0.8

vendor: cisco, model: ios xe, scope: eq, version: 2.2 .2

Trust: 0.8

vendor: cisco, model: asr, scope: eq, version: 1000

Trust: 0.6

vendor: cisco, model: ios xe software, scope: eq, version: 2.2.2

Trust: 0.3

vendor: cisco, model: ios xe software, scope: eq, version: 2.2.1

Trust: 0.3

vendor: cisco, model: asr series routers, scope: eq, version: 10000

Trust: 0.3

vendor: cisco, model: ios xe software, scope: ne, version: 2.3

Trust: 0.3

vendor: cisco, model: ios xe software, scope: ne, version: 2.2.3

Trust: 0.3

sources: CNVD: CNVD-2015-05749 // BID: 76525 // JVNDB: JVNDB-2015-004507 // CNNVD: CNNVD-201508-563 // NVD: CVE-2015-6267

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6267
value: HIGH

Trust: 1.0

NVD: CVE-2015-6267
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-05749
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201508-563
value: HIGH

Trust: 0.6

VULHUB: VHN-84228
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6267
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-05749
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84228
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-05749 // VULHUB: VHN-84228 // JVNDB: JVNDB-2015-004507 // CNNVD: CNNVD-201508-563 // NVD: CVE-2015-6267

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-84228 // JVNDB: JVNDB-2015-004507 // NVD: CVE-2015-6267

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-563

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201508-563

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004507

PATCH

title: 40684, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=40684

Trust: 0.8

title: Cisco ASR 1000 Series Router L2TP Handles Patch for Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/63354

Trust: 0.6

sources: CNVD: CNVD-2015-05749 // JVNDB: JVNDB-2015-004507

EXTERNAL IDS

db: NVD, id: CVE-2015-6267

Trust: 3.4

db: SECTRACK, id: 1033410

Trust: 1.1

db: JVNDB, id: JVNDB-2015-004507

Trust: 0.8

db: CNNVD, id: CNNVD-201508-563

Trust: 0.7

db: CNVD, id: CNVD-2015-05749

Trust: 0.6

db: BID, id: 76525

Trust: 0.4

db: VULHUB, id: VHN-84228

Trust: 0.1

sources: CNVD: CNVD-2015-05749 // VULHUB: VHN-84228 // BID: 76525 // JVNDB: JVNDB-2015-004507 // CNNVD: CNNVD-201508-563 // NVD: CVE-2015-6267

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=40684

Trust: 2.6

url:http://www.securitytracker.com/id/1033410

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6267

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6267

Trust: 0.8

url:http://www.cisco.com/c/en/us/td/docs/routers/asr1000/configuration/guide/chassis/asrswcfg/software_packaging_architecture.html

Trust: 0.3

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2015-05749 // VULHUB: VHN-84228 // BID: 76525 // JVNDB: JVNDB-2015-004507 // CNNVD: CNNVD-201508-563 // NVD: CVE-2015-6267

CREDITS

Cisco

Trust: 0.3

sources: BID: 76525

SOURCES

db: CNVD, id: CNVD-2015-05749
db: VULHUB, id: VHN-84228
db: BID, id: 76525
db: JVNDB, id: JVNDB-2015-004507
db: CNNVD, id: CNNVD-201508-563
db: NVD, id: CVE-2015-6267

LAST UPDATE DATE

2024-11-23T22:08:02.135000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-05749, date: 2015-09-01T00:00:00
db: VULHUB, id: VHN-84228, date: 2017-09-20T00:00:00
db: BID, id: 76525, date: 2015-08-31T00:00:00
db: JVNDB, id: JVNDB-2015-004507, date: 2015-09-01T00:00:00
db: CNNVD, id: CNNVD-201508-563, date: 2015-09-10T00:00:00
db: NVD, id: CVE-2015-6267, date: 2024-11-21T02:34:40.310

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-05749, date: 2015-09-01T00:00:00
db: VULHUB, id: VHN-84228, date: 2015-08-29T00:00:00
db: BID, id: 76525, date: 2015-08-31T00:00:00
db: JVNDB, id: JVNDB-2015-004507, date: 2015-09-01T00:00:00
db: CNNVD, id: CNNVD-201508-563, date: 2015-08-31T00:00:00
db: NVD, id: CVE-2015-6267, date: 2015-08-29T01:59:00.113