Details of VAR-201509-0285

ID

VAR-201509-0285

CVE

CVE-2015-6277

TITLE

plural Cisco Nexus Run on device Cisco NX-OS and MDS SAN-OS of ARP Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004562

DESCRIPTION

The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292. Vendors have confirmed this vulnerability Bug ID CSCut25292 It is released as.Denial of service via a crafted packet header field by a third party (ARP Process restart ) There is a possibility of being put into a state. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. A security vulnerability exists in the Cisco NX-OS. The attacker is allowed to submit a special ARP packet to restart the target ARP service. This issue is being tracked by Cisco Bug IDs CSCut25292, CSCuw02034, CSCuw02035, CSCuw02037, and CSCuw02038. are all products of Cisco (Cisco). Cisco Nexus 1000V Switch is a virtual switch product running on the virtual machine platform (VMware vSphere), 3000, 4000, 7000 and 9000 series switches. Cisco MDS SAN-OS Software is an operating system running on fiber optic switches. The following products and versions are affected: Cisco MDS 9000 NX-OS and SAN-OS Software running Cisco NX-OS 7.0(0)HSK(0.353), Cisco NX-OS 5.2(1)SV3(1.4) Nexus 1000V Switches for VMware vSphere, Cisco Nexus 3000 Series Switches running Cisco NX-OS Release 7.3(0)ZD(0.47), Cisco Nexus 9000 Series Switches running Cisco NX-OS Release 7.3(0)ZD(0.61), running Cisco Nexus 4000 Series Switches with Cisco NX-OS 4.1(2)E1 release

Trust: 2.52

sources: NVD: CVE-2015-6277 // JVNDB: JVNDB-2015-004562 // CNVD: CNVD-2015-05865 // BID: 76548 // VULHUB: VHN-84238

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05865

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3\(0\)zd\(0.61\)	Trust: 1.6
vendor:	cisco	model:	san-os	scope:	eq	version:	7.0\(0\)hsk\(0.353\)	Trust: 1.6
vendor:	cisco	model:	1000v	scope:	eq	version:	5.2\(1\)sv3\(1.4\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0\(0\)hsk\(0.353\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3\(0\)zd\(0.47\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1\(2\)e1	Trust: 1.6
vendor:	cisco	model:	mds 9000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	mds 9000 nx-os	scope:	eq	version:	7.0 (0)hsk(0.353)	Trust: 0.8
vendor:	cisco	model:	mds san-os	scope:	eq	version:	7.0 (0)hsk(0.353)	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1(2)e1(1c) (cisco nexus 4000 series )	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2(1)sv3(1.4) (cisco nexus 1000v switch for vmware vsphere)	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3(0)zd(0.47) (cisco nexus 3000 series )	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3(0)zd(0.61) (cisco nexus 9000 series )	Trust: 0.8
vendor:	cisco	model:	nexus 4.1 e1	scope:	eq	version:	4000	Trust: 0.6
vendor:	cisco	model:	nexus 7.3 zd	scope:	eq	version:	9000	Trust: 0.6
vendor:	cisco	model:	mds 7.0 hsk	scope:	eq	version:	9000	Trust: 0.6
vendor:	cisco	model:	san-os nx-os on mds devices 7.0 hsk	scope:	eq	version:	9000	Trust: 0.6
vendor:	cisco	model:	nexus 7.3 zd	scope:	eq	version:	3000	Trust: 0.6
vendor:	cisco	model:	nx-os on nexus devices for vmware vsphere 5.2 sv3	scope:	eq	version:	1000v	Trust: 0.6
vendor:	cisco	model:	nexus switch for vmware vsphere 5.2 sv3	scope:	eq	version:	1000v	Trust: 0.3
vendor:	cisco	model:	nexus switch for nexus series 7.3 zd	scope:	eq	version:	1000v9000	Trust: 0.3
vendor:	cisco	model:	nexus switch for nexus series 4.1 e1	scope:	eq	version:	1000v4000	Trust: 0.3
vendor:	cisco	model:	nexus switch for nexus series 7.3 zd	scope:	eq	version:	1000v3000	Trust: 0.3
vendor:	cisco	model:	mds san-os software hsk	scope:	eq	version:	7.0	Trust: 0.3
vendor:	cisco	model:	mds nx-os software 7.0 hsk	scope:	eq	version:	9000	Trust: 0.3

sources: CNVD: CNVD-2015-05865 // BID: 76548 // JVNDB: JVNDB-2015-004562 // CNNVD: CNNVD-201509-016 // NVD: CVE-2015-6277

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6277
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6277
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-05865
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201509-016
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84238
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6277
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-05865
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:A/AC:L/AU:S/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84238
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-05865 // VULHUB: VHN-84238 // JVNDB: JVNDB-2015-004562 // CNNVD: CNNVD-201509-016 // NVD: CVE-2015-6277

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-84238 // JVNDB: JVNDB-2015-004562 // NVD: CVE-2015-6277

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201509-016

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201509-016

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004562

PATCH

title:	40748	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=40748	Trust: 0.8
title:	Patch for Cisco NX-OS ARP Service Restart Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/63608	Trust: 0.6
title:	Cisco NX-OS Address Resolution Protocol Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61037	Trust: 0.6

sources: CNVD: CNVD-2015-05865 // JVNDB: JVNDB-2015-004562 // CNNVD: CNNVD-201509-016

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6277	Trust: 3.4
db:	SECTRACK	id:	1033443	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-004562	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-016	Trust: 0.7
db:	CNVD	id:	CNVD-2015-05865	Trust: 0.6
db:	BID	id:	76548	Trust: 0.4
db:	VULHUB	id:	VHN-84238	Trust: 0.1

sources: CNVD: CNVD-2015-05865 // VULHUB: VHN-84238 // BID: 76548 // JVNDB: JVNDB-2015-004562 // CNNVD: CNNVD-201509-016 // NVD: CVE-2015-6277

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=40748	Trust: 2.6
url:	http://www.securitytracker.com/id/1033443	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6277	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6277	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-05865 // VULHUB: VHN-84238 // BID: 76548 // JVNDB: JVNDB-2015-004562 // CNNVD: CNNVD-201509-016 // NVD: CVE-2015-6277

CREDITS

Cisco

Trust: 0.3

sources: BID: 76548

SOURCES

db:	CNVD	id:	CNVD-2015-05865
db:	VULHUB	id:	VHN-84238
db:	BID	id:	76548
db:	JVNDB	id:	JVNDB-2015-004562
db:	CNNVD	id:	CNNVD-201509-016
db:	NVD	id:	CVE-2015-6277

LAST UPDATE DATE

2024-11-23T22:01:42.429000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05865	date:	2015-09-09T00:00:00
db:	VULHUB	id:	VHN-84238	date:	2017-09-20T00:00:00
db:	BID	id:	76548	date:	2015-09-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-004562	date:	2015-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201509-016	date:	2015-09-07T00:00:00
db:	NVD	id:	CVE-2015-6277	date:	2024-11-21T02:34:41.370

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05865	date:	2015-09-09T00:00:00
db:	VULHUB	id:	VHN-84238	date:	2015-09-02T00:00:00
db:	BID	id:	76548	date:	2015-09-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-004562	date:	2015-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201509-016	date:	2015-09-07T00:00:00
db:	NVD	id:	CVE-2015-6277	date:	2015-09-02T16:59:03.907