Details of VAR-201511-0230

ID

VAR-201511-0230

CVE

CVE-2015-6379

TITLE

Cisco Adaptive Security Appliance Software management interface XML Service disruption in parsers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-006018

DESCRIPTION

The XML parser in the management interface in Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote authenticated users to cause a denial of service (device crash) via a crafted XML document, aka Bug ID CSCut14223. An attacker can exploit this issue to crash the affected system, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCut14223

Trust: 1.98

sources: NVD: CVE-2015-6379 // JVNDB: JVNDB-2015-006018 // BID: 77992 // VULHUB: VHN-84340

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.0	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4	Trust: 1.1
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.722	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.58	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.57	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.54	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.52	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.512	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.510	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.49	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.46	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.433	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.430	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.427	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.425	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.418	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.316	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.312	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.31	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.26	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.234	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.222	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.219	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.218	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.214	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.210	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.19	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.124	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.119	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.113	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.26	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.23	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.15	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(7.9)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(7.5)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(7.3)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(7.28)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(7.26)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(7.23)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(7.2)2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(7.15)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(7.11)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2(5.16)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2(5.15)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2(5.12)	Trust: 0.3

sources: BID: 77992 // JVNDB: JVNDB-2015-006018 // CNNVD: CNNVD-201511-423 // NVD: CVE-2015-6379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6379
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6379
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201511-423
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84340
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6379
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84340
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84340 // JVNDB: JVNDB-2015-006018 // CNNVD: CNNVD-201511-423 // NVD: CVE-2015-6379

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-84340 // JVNDB: JVNDB-2015-006018 // NVD: CVE-2015-6379

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-423

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201511-423

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006018

PATCH

title:	cisco-sa-20151123-asa	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-asa	Trust: 0.8
title:	Cisco Adaptive Security Appliances Software Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58858	Trust: 0.6

sources: JVNDB: JVNDB-2015-006018 // CNNVD: CNNVD-201511-423

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6379	Trust: 2.8
db:	SECTRACK	id:	1034251	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-006018	Trust: 0.8
db:	CNNVD	id:	CNNVD-201511-423	Trust: 0.7
db:	BID	id:	77992	Trust: 0.4
db:	SEEBUG	id:	SSVID-89953	Trust: 0.1
db:	VULHUB	id:	VHN-84340	Trust: 0.1

sources: VULHUB: VHN-84340 // BID: 77992 // JVNDB: JVNDB-2015-006018 // CNNVD: CNNVD-201511-423 // NVD: CVE-2015-6379

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151123-asa	Trust: 1.7
url:	http://www.securitytracker.com/id/1034251	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6379	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6379	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps6120/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-84340 // BID: 77992 // JVNDB: JVNDB-2015-006018 // CNNVD: CNNVD-201511-423 // NVD: CVE-2015-6379

CREDITS

Cisco

Trust: 0.3

sources: BID: 77992

SOURCES

db:	VULHUB	id:	VHN-84340
db:	BID	id:	77992
db:	JVNDB	id:	JVNDB-2015-006018
db:	CNNVD	id:	CNNVD-201511-423
db:	NVD	id:	CVE-2015-6379

LAST UPDATE DATE

2024-11-23T21:43:37.368000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84340	date:	2017-09-14T00:00:00
db:	BID	id:	77992	date:	2016-02-02T20:23:00
db:	JVNDB	id:	JVNDB-2015-006018	date:	2015-11-26T00:00:00
db:	CNNVD	id:	CNNVD-201511-423	date:	2015-11-26T00:00:00
db:	NVD	id:	CVE-2015-6379	date:	2024-11-21T02:34:53.467

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84340	date:	2015-11-25T00:00:00
db:	BID	id:	77992	date:	2015-11-24T00:00:00
db:	JVNDB	id:	JVNDB-2015-006018	date:	2015-11-26T00:00:00
db:	CNNVD	id:	CNNVD-201511-423	date:	2015-11-26T00:00:00
db:	NVD	id:	CVE-2015-6379	date:	2015-11-25T04:59:00.153