Sign-up

ID

VAR-201508-0099


CVE

CVE-2015-6272


TITLE

Cisco ASR 1000 Run on device Cisco IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004533

DESCRIPTION

Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393, CSCsx07094, and CSCsw93064. Vendors have confirmed this vulnerability Bug ID CSCsx35393 , CSCsx07094 ,and CSCsw93064 It is released as.Skillfully crafted by a third party H.323 Service disruption via packets ( Embedded service processor crash ) There is a possibility of being put into a state. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. The Cisco ASR 1000 Series Router handles security vulnerabilities in H.323 messages, allowing remote attackers to exploit vulnerabilities by sending special messages to crash the target ESP and overload the target device. A system configured with a NAT ALG or firewall is affected by this vulnerability. Cisco IOS XE on ASR 1000 is an operating system developed by Cisco in the ASR 1000 series routers. A security vulnerability exists in Cisco IOS XE Releases 2.1.0 through 2.2.3 and 2.3.0 on Cisco ASR 1000 devices

Trust: 2.25

sources: NVD: CVE-2015-6272 // JVNDB: JVNDB-2015-004533 // CNVD: CNVD-2015-05744 // VULHUB: VHN-84233

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-05744

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:2.1.2

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:2.1.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:2.2.3

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:2.2.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:2.1.3

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:2.1.0

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:2.3.0

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:2.2.2

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:2.1 .0

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:2.1 .1

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:2.1 .2

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:2.1 .3

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:2.2 .1

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:2.2 .2

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:2.2 .3

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:2.3 .0

Trust: 0.8

vendor:ciscomodel:asrscope:eqversion:1000

Trust: 0.6

sources: CNVD: CNVD-2015-05744 // JVNDB: JVNDB-2015-004533 // CNNVD: CNNVD-201508-588 // NVD: CVE-2015-6272

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6272
value: HIGH

Trust: 1.0

NVD: CVE-2015-6272
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-05744
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201508-588
value: HIGH

Trust: 0.6

VULHUB: VHN-84233
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6272
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-05744
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84233
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-05744 // VULHUB: VHN-84233 // JVNDB: JVNDB-2015-004533 // CNNVD: CNNVD-201508-588 // NVD: CVE-2015-6272

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-84233 // JVNDB: JVNDB-2015-004533 // NVD: CVE-2015-6272

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-588

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201508-588

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004533

PATCH
title:40689url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40689
Trust: 0.8
title:Patch for Cisco ASR 1000 Series Router H.323 Packet Handling Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/63363
Trust: 0.6
title:Cisco ASR 1000 IOS XE Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61035
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-05744 // 
            
            
            
            JVNDB: JVNDB-2015-004533 // 
            
            
            
            CNNVD: CNNVD-201508-588

EXTERNAL IDS
db:NVDid:CVE-2015-6272
Trust: 3.1
db:SECTRACKid:1033410
Trust: 1.1
db:JVNDBid:JVNDB-2015-004533
Trust: 0.8
db:CNNVDid:CNNVD-201508-588
Trust: 0.7
db:CNVDid:CNVD-2015-05744
Trust: 0.6
db:VULHUBid:VHN-84233
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-05744 // 
            
            
            
            VULHUB: VHN-84233 // 
            
            
            
            JVNDB: JVNDB-2015-004533 // 
            
            
            
            CNNVD: CNNVD-201508-588 // 
            
            
            
            NVD: CVE-2015-6272

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40689
Trust: 2.3
url:http://www.securitytracker.com/id/1033410
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6272
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6272
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2015-05744 // 
            
            
            
            VULHUB: VHN-84233 // 
            
            
            
            JVNDB: JVNDB-2015-004533 // 
            
            
            
            CNNVD: CNNVD-201508-588 // 
            
            
            
            NVD: CVE-2015-6272

SOURCES
db:CNVDid:CNVD-2015-05744
db:VULHUBid:VHN-84233
db:JVNDBid:JVNDB-2015-004533
db:CNNVDid:CNNVD-201508-588
db:NVDid:CVE-2015-6272

LAST UPDATE DATE
2024-11-23T22:08:02.174000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-05744date:2015-09-01T00:00:00
db:VULHUBid:VHN-84233date:2017-09-20T00:00:00
db:JVNDBid:JVNDB-2015-004533date:2015-09-02T00:00:00
db:CNNVDid:CNNVD-201508-588date:2015-09-10T00:00:00
db:NVDid:CVE-2015-6272date:2024-11-21T02:34:40.900

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-05744date:2015-09-01T00:00:00
db:VULHUBid:VHN-84233date:2015-08-31T00:00:00
db:JVNDBid:JVNDB-2015-004533date:2015-09-02T00:00:00
db:CNNVDid:CNNVD-201508-588date:2015-08-31T00:00:00
db:NVDid:CVE-2015-6272date:2015-08-31T20:59:06.280