Details of VAR-201508-0508

ID

VAR-201508-0508

CVE

CVE-2015-4301

TITLE

Cisco Nexus 9000 Runs on series devices Cisco NX-OS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004357

DESCRIPTION

Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225. Cisco Nexus is a data center-class switch from Cisco. Cisco Nexus 9000 Series Software is prone to a denial-of-service vulnerability An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco bug ID CSCuu77225. The vulnerability is caused by the program not correctly handling large files in the /tmp directory

Trust: 2.61

sources: NVD: CVE-2015-4301 // JVNDB: JVNDB-2015-004357 // CNVD: CNVD-2015-05530 // BID: 76329 // VULHUB: VHN-82262 // VULMON: CVE-2015-4301

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05530

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	11.1\(1c\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	11.1(1c) (cisco nexus 9000 series )	Trust: 0.8
vendor:	cisco	model:	nexus 11.1	scope:	eq	version:	9000	Trust: 0.6
vendor:	cisco	model:	nx-os software for nexus series 11.1	scope:	eq	version:	9000	Trust: 0.3

sources: CNVD: CNVD-2015-05530 // BID: 76329 // JVNDB: JVNDB-2015-004357 // CNNVD: CNNVD-201508-384 // NVD: CVE-2015-4301

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4301
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4301
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-05530
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201508-384
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82262
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-4301
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4301
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-05530
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82262
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-05530 // VULHUB: VHN-82262 // VULMON: CVE-2015-4301 // JVNDB: JVNDB-2015-004357 // CNNVD: CNNVD-201508-384 // NVD: CVE-2015-4301

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-82262 // JVNDB: JVNDB-2015-004357 // NVD: CVE-2015-4301

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-384

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201508-384

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004357

PATCH

title:	40431	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=40431	Trust: 0.8
title:	Patch for Cisco Nexus 9000 Series NX-OS '/tmp' Directory File Resource Consumption Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/62936	Trust: 0.6

sources: CNVD: CNVD-2015-05530 // JVNDB: JVNDB-2015-004357

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4301	Trust: 3.5
db:	SECTRACK	id:	1033267	Trust: 1.2
db:	BID	id:	76329	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-004357	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-384	Trust: 0.7
db:	CNVD	id:	CNVD-2015-05530	Trust: 0.6
db:	VULHUB	id:	VHN-82262	Trust: 0.1
db:	VULMON	id:	CVE-2015-4301	Trust: 0.1

sources: CNVD: CNVD-2015-05530 // VULHUB: VHN-82262 // VULMON: CVE-2015-4301 // BID: 76329 // JVNDB: JVNDB-2015-004357 // CNNVD: CNNVD-201508-384 // NVD: CVE-2015-4301

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=40431	Trust: 2.4
url:	http://www.securitytracker.com/id/1033267	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4301	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4301	Trust: 0.8
url:	http://www.securityfocus.com/bid/76329	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=40431	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/399.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2015-05530 // VULHUB: VHN-82262 // VULMON: CVE-2015-4301 // BID: 76329 // JVNDB: JVNDB-2015-004357 // CNNVD: CNNVD-201508-384 // NVD: CVE-2015-4301

CREDITS

Cisco

Trust: 0.9

sources: BID: 76329 // CNNVD: CNNVD-201508-384

SOURCES

db:	CNVD	id:	CNVD-2015-05530
db:	VULHUB	id:	VHN-82262
db:	VULMON	id:	CVE-2015-4301
db:	BID	id:	76329
db:	JVNDB	id:	JVNDB-2015-004357
db:	CNNVD	id:	CNNVD-201508-384
db:	NVD	id:	CVE-2015-4301

LAST UPDATE DATE

2024-11-23T22:27:05.342000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05530	date:	2015-08-25T00:00:00
db:	VULHUB	id:	VHN-82262	date:	2016-12-28T00:00:00
db:	VULMON	id:	CVE-2015-4301	date:	2016-12-28T00:00:00
db:	BID	id:	76329	date:	2015-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-004357	date:	2015-08-25T00:00:00
db:	CNNVD	id:	CNNVD-201508-384	date:	2015-08-20T00:00:00
db:	NVD	id:	CVE-2015-4301	date:	2024-11-21T02:30:47.870

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05530	date:	2015-08-24T00:00:00
db:	VULHUB	id:	VHN-82262	date:	2015-08-19T00:00:00
db:	VULMON	id:	CVE-2015-4301	date:	2015-08-19T00:00:00
db:	BID	id:	76329	date:	2015-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-004357	date:	2015-08-25T00:00:00
db:	CNNVD	id:	CNNVD-201508-384	date:	2015-08-18T00:00:00
db:	NVD	id:	CVE-2015-4301	date:	2015-08-19T15:59:03.727