Sign-up

ID

VAR-201509-0016


CVE

CVE-2015-6295


TITLE

Cisco Nexus 9000 Run on device Cisco NX-OS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004942

DESCRIPTION

Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560. The Cisco NX-OS on Nexus 9000 (N9K) is a set of operating systems running on the Nexus 9000 Series devices from Cisco. A security vulnerability exists in the NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) versions on Cisco N9K devices. This issue is being tracked by Cisco Bug ID CSCuw13560. The vulnerability is caused by the program not properly validating the VLAN number in Layer 2 packets

Trust: 2.52

sources: NVD: CVE-2015-6295 // JVNDB: JVNDB-2015-004942 // CNVD: CNVD-2015-06223 // BID: 76762 // VULHUB: VHN-84256

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-06223

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:6.1\(2\)i3\(4\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:7.0\(3\)i1\(1\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:6.1(2)i3(4)

Trust: 0.8

vendor:ciscomodel:nx-osscope:eqversion:7.0(3)i1(1)

Trust: 0.8

vendor:ciscomodel:nx-os 6.1 i3scope: - version: -

Trust: 0.6

vendor:ciscomodel:nx-os 7.0 i1scope: - version: -

Trust: 0.6

vendor:ciscomodel:nx-os software for nexus series 7.0 i1scope:eqversion:9000

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus series 6.1 i3scope:eqversion:9000

Trust: 0.3

sources: CNVD: CNVD-2015-06223 // BID: 76762 // JVNDB: JVNDB-2015-004942 // CNNVD: CNNVD-201509-243 // NVD: CVE-2015-6295

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6295
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6295
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-06223
value: LOW

Trust: 0.6

CNNVD: CNNVD-201509-243
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84256
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6295
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-06223
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84256
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-06223 // VULHUB: VHN-84256 // JVNDB: JVNDB-2015-004942 // CNNVD: CNNVD-201509-243 // NVD: CVE-2015-6295

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-84256 // JVNDB: JVNDB-2015-004942 // NVD: CVE-2015-6295

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201509-243

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201509-243

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004942

PATCH
title:40990url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40990
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004942

EXTERNAL IDS
db:NVDid:CVE-2015-6295
Trust: 3.4
db:SECTRACKid:1033611
Trust: 1.1
db:BIDid:76762
Trust: 1.0
db:JVNDBid:JVNDB-2015-004942
Trust: 0.8
db:CNNVDid:CNNVD-201509-243
Trust: 0.7
db:CNVDid:CNVD-2015-06223
Trust: 0.6
db:VULHUBid:VHN-84256
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-06223 // 
            
            
            
            VULHUB: VHN-84256 // 
            
            
            
            BID: 76762 // 
            
            
            
            JVNDB: JVNDB-2015-004942 // 
            
            
            
            CNNVD: CNNVD-201509-243 // 
            
            
            
            NVD: CVE-2015-6295

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40990
Trust: 2.6
url:http://www.securitytracker.com/id/1033611
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6295
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6295
Trust: 0.8
url:http://www.securityfocus.com/bid/76762
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps9372/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-06223 // 
            
            
            
            VULHUB: VHN-84256 // 
            
            
            
            BID: 76762 // 
            
            
            
            JVNDB: JVNDB-2015-004942 // 
            
            
            
            CNNVD: CNNVD-201509-243 // 
            
            
            
            NVD: CVE-2015-6295

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 76762 // 
            
            
            
            CNNVD: CNNVD-201509-243

SOURCES
db:CNVDid:CNVD-2015-06223
db:VULHUBid:VHN-84256
db:BIDid:76762
db:JVNDBid:JVNDB-2015-004942
db:CNNVDid:CNNVD-201509-243
db:NVDid:CVE-2015-6295

LAST UPDATE DATE
2024-11-23T22:49:21.780000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-06223date:2015-09-25T00:00:00
db:VULHUBid:VHN-84256date:2016-12-29T00:00:00
db:BIDid:76762date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004942date:2015-09-30T00:00:00
db:CNNVDid:CNNVD-201509-243date:2015-09-24T00:00:00
db:NVDid:CVE-2015-6295date:2024-11-21T02:34:43.340

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-06223date:2015-09-25T00:00:00
db:VULHUBid:VHN-84256date:2015-09-20T00:00:00
db:BIDid:76762date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004942date:2015-09-30T00:00:00
db:CNNVDid:CNNVD-201509-243date:2015-09-18T00:00:00
db:NVDid:CVE-2015-6295date:2015-09-20T14:59:03.850