Details of VAR-201511-0229

ID

VAR-201511-0229

CVE

CVE-2015-6377

TITLE

Cisco Virtual Topology System Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-006010

DESCRIPTION

Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP port outage) via a flood of crafted TCP packets, aka Bug ID CSCux13379. Cisco Virtual Topology System is prone to a denial-of-service vulnerability. An attacker can exploit this issue to consume CPU resources and cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCux13379. Cisco Virtual Topology System (VTS) is an open source and scalable SDN framework for data center virtual network configuration and management developed by Cisco

Trust: 2.07

sources: NVD: CVE-2015-6377 // JVNDB: JVNDB-2015-006010 // BID: 77687 // VULHUB: VHN-84338 // VULMON: CVE-2015-6377

AFFECTED PRODUCTS

vendor:	cisco	model:	virtual topology system	scope:	eq	version:	2.0\(1\)	Trust: 1.6
vendor:	cisco	model:	virtual topology system	scope:	eq	version:	2.0\(0\)	Trust: 1.6
vendor:	cisco	model:	virtual topology system	scope:	eq	version:	2.0(1)	Trust: 1.1
vendor:	cisco	model:	virtual topology system	scope:	eq	version:	2.0(0)	Trust: 1.1

sources: BID: 77687 // JVNDB: JVNDB-2015-006010 // CNNVD: CNNVD-201511-409 // NVD: CVE-2015-6377

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6377
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-6377
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201511-409
value:	HIGH
Trust: 0.6
VULHUB:	VHN-84338
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-6377
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-6377
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-84338
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84338 // VULMON: CVE-2015-6377 // JVNDB: JVNDB-2015-006010 // CNNVD: CNNVD-201511-409 // NVD: CVE-2015-6377

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-84338 // JVNDB: JVNDB-2015-006010 // NVD: CVE-2015-6377

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-409

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201511-409

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006010

PATCH

title:	cisco-sa-20151123-vts	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-vts	Trust: 0.8
title:	Cisco Virtual Topology System Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58845	Trust: 0.6
title:	Cisco: Cisco Virtual Topology System TCP Connection Functionality Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20151123-vts	Trust: 0.1

sources: VULMON: CVE-2015-6377 // JVNDB: JVNDB-2015-006010 // CNNVD: CNNVD-201511-409

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6377	Trust: 2.9
db:	JVNDB	id:	JVNDB-2015-006010	Trust: 0.8
db:	CNNVD	id:	CNNVD-201511-409	Trust: 0.7
db:	BID	id:	77687	Trust: 0.5
db:	SEEBUG	id:	SSVID-89947	Trust: 0.1
db:	VULHUB	id:	VHN-84338	Trust: 0.1
db:	VULMON	id:	CVE-2015-6377	Trust: 0.1

sources: VULHUB: VHN-84338 // VULMON: CVE-2015-6377 // BID: 77687 // JVNDB: JVNDB-2015-006010 // CNNVD: CNNVD-201511-409 // NVD: CVE-2015-6377

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151123-vts	Trust: 2.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6377	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6377	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/399.html	Trust: 0.1
url:	https://www.securityfocus.com/bid/77687	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-84338 // VULMON: CVE-2015-6377 // BID: 77687 // JVNDB: JVNDB-2015-006010 // CNNVD: CNNVD-201511-409 // NVD: CVE-2015-6377

CREDITS

Cisco

Trust: 0.3

sources: BID: 77687

SOURCES

db:	VULHUB	id:	VHN-84338
db:	VULMON	id:	CVE-2015-6377
db:	BID	id:	77687
db:	JVNDB	id:	JVNDB-2015-006010
db:	CNNVD	id:	CNNVD-201511-409
db:	NVD	id:	CVE-2015-6377

LAST UPDATE DATE

2024-11-23T22:27:04.363000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84338	date:	2015-11-24T00:00:00
db:	VULMON	id:	CVE-2015-6377	date:	2015-11-24T00:00:00
db:	BID	id:	77687	date:	2015-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2015-006010	date:	2015-11-25T00:00:00
db:	CNNVD	id:	CNNVD-201511-409	date:	2015-11-25T00:00:00
db:	NVD	id:	CVE-2015-6377	date:	2024-11-21T02:34:53.217

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84338	date:	2015-11-24T00:00:00
db:	VULMON	id:	CVE-2015-6377	date:	2015-11-24T00:00:00
db:	BID	id:	77687	date:	2015-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2015-006010	date:	2015-11-25T00:00:00
db:	CNNVD	id:	CNNVD-201511-409	date:	2015-11-25T00:00:00
db:	NVD	id:	CVE-2015-6377	date:	2015-11-24T04:59:00.177