ID

VAR-201508-0097


CVE

CVE-2015-6270


TITLE

Cisco ASR 1000 Run on device Cisco IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004531

DESCRIPTION

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. The Cisco ASR 1000 Series Router handles security vulnerabilities in IPv6 packets, allowing remote attackers to exploit vulnerabilities by sending special packets to crash the target ESP and overload the target device. Cisco IOS XE on ASR 1000 is an operating system developed by Cisco in the ASR 1000 series routers

Trust: 2.25

sources: NVD: CVE-2015-6270 // JVNDB: JVNDB-2015-004531 // CNVD: CNVD-2015-05746 // VULHUB: VHN-84231

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-05746

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:2.2.2

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:2.2.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:2.2 .1

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:2.2 .2

Trust: 0.8

vendor:ciscomodel:asrscope:eqversion:1000

Trust: 0.6

sources: CNVD: CNVD-2015-05746 // JVNDB: JVNDB-2015-004531 // CNNVD: CNNVD-201508-586 // NVD: CVE-2015-6270

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6270
value: HIGH

Trust: 1.0

NVD: CVE-2015-6270
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-05746
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201508-586
value: HIGH

Trust: 0.6

VULHUB: VHN-84231
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6270
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-05746
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84231
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-05746 // VULHUB: VHN-84231 // JVNDB: JVNDB-2015-004531 // CNNVD: CNNVD-201508-586 // NVD: CVE-2015-6270

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-84231 // JVNDB: JVNDB-2015-004531 // NVD: CVE-2015-6270

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-586

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201508-586

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004531

PATCH

title:40687url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40687

Trust: 0.8

title:Patch for Cisco ASR 1000 Series Router IPv6 Packet Handling Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/63360

Trust: 0.6

sources: CNVD: CNVD-2015-05746 // JVNDB: JVNDB-2015-004531

EXTERNAL IDS

db:NVDid:CVE-2015-6270

Trust: 3.1

db:SECTRACKid:1033410

Trust: 1.1

db:JVNDBid:JVNDB-2015-004531

Trust: 0.8

db:CNNVDid:CNNVD-201508-586

Trust: 0.7

db:CNVDid:CNVD-2015-05746

Trust: 0.6

db:VULHUBid:VHN-84231

Trust: 0.1

sources: CNVD: CNVD-2015-05746 // VULHUB: VHN-84231 // JVNDB: JVNDB-2015-004531 // CNNVD: CNNVD-201508-586 // NVD: CVE-2015-6270

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=40687

Trust: 2.3

url:http://www.securitytracker.com/id/1033410

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6270

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6270

Trust: 0.8

sources: CNVD: CNVD-2015-05746 // VULHUB: VHN-84231 // JVNDB: JVNDB-2015-004531 // CNNVD: CNNVD-201508-586 // NVD: CVE-2015-6270

SOURCES

db:CNVDid:CNVD-2015-05746
db:VULHUBid:VHN-84231
db:JVNDBid:JVNDB-2015-004531
db:CNNVDid:CNNVD-201508-586
db:NVDid:CVE-2015-6270

LAST UPDATE DATE

2024-11-23T22:08:02.074000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2015-05746date:2015-09-01T00:00:00
db:VULHUBid:VHN-84231date:2017-09-20T00:00:00
db:JVNDBid:JVNDB-2015-004531date:2015-09-02T00:00:00
db:CNNVDid:CNNVD-201508-586date:2015-09-10T00:00:00
db:NVDid:CVE-2015-6270date:2024-11-21T02:34:40.660

SOURCES RELEASE DATE

db:CNVDid:CNVD-2015-05746date:2015-09-01T00:00:00
db:VULHUBid:VHN-84231date:2015-08-31T00:00:00
db:JVNDBid:JVNDB-2015-004531date:2015-09-02T00:00:00
db:CNNVDid:CNNVD-201508-586date:2015-08-31T00:00:00
db:NVDid:CVE-2015-6270date:2015-08-31T20:59:04.170