Details of VAR-201508-0096

ID

VAR-201508-0096

CVE

CVE-2015-6269

TITLE

Cisco ASR 1000 Run on device Cisco IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004530

DESCRIPTION

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. The Cisco ASR 1000 Series Router handles security vulnerabilities in IP v4 and IPv6 packets, allowing remote attackers to exploit vulnerabilities by sending special packets to crash the target ESP and overload the target device. Cisco IOS XE on ASR 1000 is an operating system developed by Cisco in the ASR 1000 series routers

Trust: 2.25

sources: NVD: CVE-2015-6269 // JVNDB: JVNDB-2015-004530 // CNVD: CNVD-2015-05750 // VULHUB: VHN-84230

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05750

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2.2	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2 .1	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2 .2	Trust: 0.8
vendor:	cisco	model:	asr	scope:	eq	version:	1000	Trust: 0.6

sources: CNVD: CNVD-2015-05750 // JVNDB: JVNDB-2015-004530 // CNNVD: CNNVD-201508-585 // NVD: CVE-2015-6269

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6269
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-6269
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-05750
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201508-585
value:	HIGH
Trust: 0.6
VULHUB:	VHN-84230
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-6269
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-05750
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84230
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-05750 // VULHUB: VHN-84230 // JVNDB: JVNDB-2015-004530 // CNNVD: CNNVD-201508-585 // NVD: CVE-2015-6269

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-84230 // JVNDB: JVNDB-2015-004530 // NVD: CVE-2015-6269

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-585

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201508-585

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004530

PATCH

title:	40686	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=40686	Trust: 0.8
title:	Patch for Cisco ASR 1000 Series Router IP Packet Handling Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/63357	Trust: 0.6
title:	Cisco ASR 1000 IOS XE Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61032	Trust: 0.6

sources: CNVD: CNVD-2015-05750 // JVNDB: JVNDB-2015-004530 // CNNVD: CNNVD-201508-585

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6269	Trust: 3.1
db:	SECTRACK	id:	1033410	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-004530	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-585	Trust: 0.7
db:	CNVD	id:	CNVD-2015-05750	Trust: 0.6
db:	VULHUB	id:	VHN-84230	Trust: 0.1

sources: CNVD: CNVD-2015-05750 // VULHUB: VHN-84230 // JVNDB: JVNDB-2015-004530 // CNNVD: CNNVD-201508-585 // NVD: CVE-2015-6269

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=40686	Trust: 2.3
url:	http://www.securitytracker.com/id/1033410	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6269	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6269	Trust: 0.8

sources: CNVD: CNVD-2015-05750 // VULHUB: VHN-84230 // JVNDB: JVNDB-2015-004530 // CNNVD: CNNVD-201508-585 // NVD: CVE-2015-6269

SOURCES

db:	CNVD	id:	CNVD-2015-05750
db:	VULHUB	id:	VHN-84230
db:	JVNDB	id:	JVNDB-2015-004530
db:	CNNVD	id:	CNNVD-201508-585
db:	NVD	id:	CVE-2015-6269

LAST UPDATE DATE

2024-11-23T22:08:02.104000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05750	date:	2015-09-01T00:00:00
db:	VULHUB	id:	VHN-84230	date:	2017-09-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-004530	date:	2015-09-02T00:00:00
db:	CNNVD	id:	CNNVD-201508-585	date:	2015-09-10T00:00:00
db:	NVD	id:	CVE-2015-6269	date:	2024-11-21T02:34:40.540

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05750	date:	2015-09-01T00:00:00
db:	VULHUB	id:	VHN-84230	date:	2015-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2015-004530	date:	2015-09-02T00:00:00
db:	CNNVD	id:	CNNVD-201508-585	date:	2015-08-31T00:00:00
db:	NVD	id:	CVE-2015-6269	date:	2015-08-31T20:59:02.937