Details of VAR-201508-0100

ID

VAR-201508-0100

CVE

CVE-2015-6273

TITLE

Cisco ASR 1000 Run on device Cisco IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004509

DESCRIPTION

Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623. Vendors have confirmed this vulnerability Bug ID CSCtf87624 , CSCte93229 , CSCtd19103 ,and CSCti63623 It is released as.Skillfully crafted by a third party IP Service disruption via packets ( Embedded service processor ) There is a possibility of being put into a state. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. The Cisco ASR 1000 Series Router handles IP packets with security vulnerabilities. It allows remote attackers to exploit vulnerabilities by sending special IP packets to trigger vulnerabilities in the VFR function and crash the target ESP. Cisco IOS XE Software is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, resulting in a denial of service condition. These issues are being tracked by Cisco Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623

Trust: 2.52

sources: NVD: CVE-2015-6273 // JVNDB: JVNDB-2015-004509 // CNVD: CNVD-2015-05748 // BID: 75509 // VULHUB: VHN-84234

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05748

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2.3	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2.2	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2 .1	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2 .2	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	2.2 .3	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1s .0	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1s .1	Trust: 0.8
vendor:	cisco	model:	asr	scope:	eq	version:	1000	Trust: 0.6
vendor:	cisco	model:	ios xe 3.1.2s	scope:	lt	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe software	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	cisco	model:	ios xe software	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	cisco	model:	ios xe software	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.1s.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.1s.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.1.2s	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2015-05748 // BID: 75509 // JVNDB: JVNDB-2015-004509 // CNNVD: CNNVD-201508-565 // NVD: CVE-2015-6273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6273
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-6273
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-05748
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201508-565
value:	HIGH
Trust: 0.6
VULHUB:	VHN-84234
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-6273
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-05748
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84234
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-05748 // VULHUB: VHN-84234 // JVNDB: JVNDB-2015-004509 // CNNVD: CNNVD-201508-565 // NVD: CVE-2015-6273

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-84234 // JVNDB: JVNDB-2015-004509 // NVD: CVE-2015-6273

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-565

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201508-565

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004509

PATCH

title:	40690	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=40690	Trust: 0.8
title:	Patch for Cisco ASR 1000 Series Router IOS XE VFR Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/63353	Trust: 0.6

sources: CNVD: CNVD-2015-05748 // JVNDB: JVNDB-2015-004509

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6273	Trust: 3.4
db:	SECTRACK	id:	1033408	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-004509	Trust: 0.8
db:	CNVD	id:	CNVD-2015-05748	Trust: 0.6
db:	CNNVD	id:	CNNVD-201508-565	Trust: 0.6
db:	BID	id:	75509	Trust: 0.4
db:	VULHUB	id:	VHN-84234	Trust: 0.1

sources: CNVD: CNVD-2015-05748 // VULHUB: VHN-84234 // BID: 75509 // JVNDB: JVNDB-2015-004509 // CNNVD: CNNVD-201508-565 // NVD: CVE-2015-6273

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=40690	Trust: 2.6
url:	http://www.securitytracker.com/id/1033408	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6273	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6273	Trust: 0.8
url:	http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html	Trust: 0.3

sources: CNVD: CNVD-2015-05748 // VULHUB: VHN-84234 // BID: 75509 // JVNDB: JVNDB-2015-004509 // CNNVD: CNNVD-201508-565 // NVD: CVE-2015-6273

CREDITS

Cisco

Trust: 0.3

sources: BID: 75509

SOURCES

db:	CNVD	id:	CNVD-2015-05748
db:	VULHUB	id:	VHN-84234
db:	BID	id:	75509
db:	JVNDB	id:	JVNDB-2015-004509
db:	CNNVD	id:	CNNVD-201508-565
db:	NVD	id:	CVE-2015-6273

LAST UPDATE DATE

2024-11-23T23:09:14.741000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05748	date:	2015-09-01T00:00:00
db:	VULHUB	id:	VHN-84234	date:	2017-09-20T00:00:00
db:	BID	id:	75509	date:	2015-08-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-004509	date:	2015-09-01T00:00:00
db:	CNNVD	id:	CNNVD-201508-565	date:	2015-09-10T00:00:00
db:	NVD	id:	CVE-2015-6273	date:	2024-11-21T02:34:41.017

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05748	date:	2015-09-01T00:00:00
db:	VULHUB	id:	VHN-84234	date:	2015-08-29T00:00:00
db:	BID	id:	75509	date:	2015-08-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-004509	date:	2015-09-01T00:00:00
db:	CNNVD	id:	CNNVD-201508-565	date:	2015-08-31T00:00:00
db:	NVD	id:	CVE-2015-6273	date:	2015-08-29T01:59:02.690