ID
VAR-201508-0500
CVE
CVE-2015-4291
TITLE
Cisco ASR 1000 Run on device Cisco IOS XE Service disruption in (DoS) Vulnerabilities
Trust: 0.8
sources:
JVNDB: JVNDB-2015-003962
DESCRIPTION
Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. Attackers can exploit this issue to reload the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtd72617
Trust: 2.52
sources:
NVD: CVE-2015-4291 //
JVNDB: JVNDB-2015-003962 //
CNVD: CNVD-2015-05095 //
BID: 76118 //
VULHUB: VHN-82252
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2015-05095
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.1.2 | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.1.1 | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.3.0t | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.4.1 | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.2.3 | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.2.1 | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.1.0 | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.4.0 | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.3.0 | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.2.2 | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.3.1t | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.3.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.5.0 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.5.1 | Trust: 0.8 |
| vendor: | cisco | model: | ios xe | scope: | lt | version: | 2.x | Trust: 0.8 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.4.3 | Trust: 0.8 |
| vendor: | cisco | model: | ios xe | scope: | lt | version: | 2.5.x | Trust: 0.8 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.x(<2.4.3) | Trust: 0.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 2.5.x(<2.5.1) | Trust: 0.6 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 2.4.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 2.4 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 2.3.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 2.3 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 2.2.3 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 2.2.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 2.2.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 2.1.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 2.1.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 2.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 2.5.0 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software 2.3.1t | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software 2.3.0t | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | asr series routers | scope: | eq | version: | 10000 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software | scope: | ne | version: | 2.5.1(1) | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software | scope: | ne | version: | 2.5.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe software | scope: | ne | version: | 2.4.3(1) | Trust: 0.3 |
sources:
CNVD: CNVD-2015-05095 //
BID: 76118 //
JVNDB: JVNDB-2015-003962 //
CNNVD: CNNVD-201507-846 //
NVD: CVE-2015-4291
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2015-05095 //
VULHUB: VHN-82252 //
JVNDB: JVNDB-2015-003962 //
CNNVD: CNNVD-201507-846 //
NVD: CVE-2015-4291
PROBLEMTYPE DATA
| problemtype: | CWE-399 | Trust: 1.9 |
sources:
VULHUB: VHN-82252 //
JVNDB: JVNDB-2015-003962 //
NVD: CVE-2015-4291
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201507-846
TYPE
resource management error
Trust: 0.6
sources:
CNNVD: CNNVD-201507-846
CONFIGURATIONS
sources:
JVNDB: JVNDB-2015-003962
PATCH
| title: | cisco-sa-20150730-asr1k | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k | Trust: 0.8 |
| title: | 40212 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=40212 | Trust: 0.8 |
| title: | cisco-sa-20150730-asr1k | url: | http://www.cisco.com/cisco/web/support/JP/113/1130/1130249_cisco-sa-20150730-asr1k-j.html | Trust: 0.8 |
| title: | Patch for Cisco ASR 1000 Series Aggregation Services Routers Denial of Service Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/61887 | Trust: 0.6 |
sources:
CNVD: CNVD-2015-05095 //
JVNDB: JVNDB-2015-003962
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-4291 | Trust: 3.4 |
| db: | SECTRACK | id: | 1033131 | Trust: 1.1 |
| db: | BID | id: | 76118 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2015-003962 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201507-846 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2015-05095 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-82252 | Trust: 0.1 |
sources:
CNVD: CNVD-2015-05095 //
VULHUB: VHN-82252 //
BID: 76118 //
JVNDB: JVNDB-2015-003962 //
CNNVD: CNNVD-201507-846 //
NVD: CVE-2015-4291
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150730-asr1k | Trust: 2.6 |
| url: | http://www.securitytracker.com/id/1033131 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4291 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4291 | Trust: 0.8 |
| url: | http://www.cisco.com/c/en/us/td/docs/routers/asr1000/configuration/guide/chassis/asrswcfg/software_packaging_architecture.html | Trust: 0.3 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html | Trust: 0.3 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=40212 | Trust: 0.3 |
sources:
CNVD: CNVD-2015-05095 //
VULHUB: VHN-82252 //
BID: 76118 //
JVNDB: JVNDB-2015-003962 //
CNNVD: CNNVD-201507-846 //
NVD: CVE-2015-4291
CREDITS
Cisco
Trust: 0.3
sources:
BID: 76118
SOURCES
| db: | CNVD | id: | CNVD-2015-05095 |
| db: | VULHUB | id: | VHN-82252 |
| db: | BID | id: | 76118 |
| db: | JVNDB | id: | JVNDB-2015-003962 |
| db: | CNNVD | id: | CNNVD-201507-846 |
| db: | NVD | id: | CVE-2015-4291 |
LAST UPDATE DATE
2024-11-23T22:42:27.639000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-05095 | date: | 2015-08-04T00:00:00 |
| db: | VULHUB | id: | VHN-82252 | date: | 2015-08-21T00:00:00 |
| db: | BID | id: | 76118 | date: | 2015-07-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-003962 | date: | 2015-08-04T00:00:00 |
| db: | CNNVD | id: | CNNVD-201507-846 | date: | 2015-08-06T00:00:00 |
| db: | NVD | id: | CVE-2015-4291 | date: | 2024-11-21T02:30:46.827 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-05095 | date: | 2015-08-04T00:00:00 |
| db: | VULHUB | id: | VHN-82252 | date: | 2015-08-01T00:00:00 |
| db: | BID | id: | 76118 | date: | 2015-07-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-003962 | date: | 2015-08-04T00:00:00 |
| db: | CNNVD | id: | CNNVD-201507-846 | date: | 2015-07-31T00:00:00 |
| db: | NVD | id: | CVE-2015-4291 | date: | 2015-08-01T01:59:16.007 |