Sign-up

ID

VAR-201512-0390


CVE

CVE-2015-6415


TITLE

Cisco Fabric Interconnect 6200 Run on device Unified Computing System Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-006393

DESCRIPTION

Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuu81757. A security vulnerability exists in Cisco UCS version 2.2(3f)A on the Cisco Fabric Interconnect 6200 due to the fact that the program does not perform sufficient rate limiting on SSH TCP connection requests at boot time

Trust: 1.98

sources: NVD: CVE-2015-6415 // JVNDB: JVNDB-2015-006393 // BID: 85711 // VULHUB: VHN-84376

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing systemscope:eqversion:2.2\(3f\)a

Trust: 1.6

vendor:ciscomodel:unified computing system softwarescope:eqversion:2.2(3f)a

Trust: 0.8

vendor:ciscomodel:unified computing system 2.2 ascope: - version: -

Trust: 0.3

sources: BID: 85711 // JVNDB: JVNDB-2015-006393 // CNNVD: CNNVD-201512-396 // NVD: CVE-2015-6415

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6415
value: HIGH

Trust: 1.0

NVD: CVE-2015-6415
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201512-396
value: HIGH

Trust: 0.6

VULHUB: VHN-84376
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6415
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84376
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84376 // JVNDB: JVNDB-2015-006393 // CNNVD: CNNVD-201512-396 // NVD: CVE-2015-6415

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-84376 // JVNDB: JVNDB-2015-006393 // NVD: CVE-2015-6415

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-396

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201512-396

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006393

PATCH
title:cisco-sa-20151210-ucsurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-ucs
Trust: 0.8
title:Cisco Fabric Interconnect 6200 Unified Computing System Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59213
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-006393 // 
            
            
            
            CNNVD: CNNVD-201512-396

EXTERNAL IDS
db:NVDid:CVE-2015-6415
Trust: 2.8
db:BIDid:85711
Trust: 2.0
db:SECTRACKid:1034381
Trust: 1.7
db:JVNDBid:JVNDB-2015-006393
Trust: 0.8
db:CNNVDid:CNNVD-201512-396
Trust: 0.7
db:NSFOCUSid:43480
Trust: 0.6
db:VULHUBid:VHN-84376
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84376 // 
            
            
            
            BID: 85711 // 
            
            
            
            JVNDB: JVNDB-2015-006393 // 
            
            
            
            CNNVD: CNNVD-201512-396 // 
            
            
            
            NVD: CVE-2015-6415

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151210-ucs
Trust: 2.6
url:http://www.securityfocus.com/bid/85711
Trust: 2.3
url:http://www.securitytracker.com/id/1034381
Trust: 1.7
url:http://www.cisco.com/
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6415
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6415
Trust: 0.8
url:http://www.nsfocus.net/vulndb/43480
Trust: 0.6
sources:
            
            
            VULHUB: VHN-84376 // 
            
            
            
            BID: 85711 // 
            
            
            
            JVNDB: JVNDB-2015-006393 // 
            
            
            
            CNNVD: CNNVD-201512-396 // 
            
            
            
            NVD: CVE-2015-6415

CREDITS
Cisco  ?? ??,Cisco
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201512-396

SOURCES
db:VULHUBid:VHN-84376
db:BIDid:85711
db:JVNDBid:JVNDB-2015-006393
db:CNNVDid:CNNVD-201512-396
db:NVDid:CVE-2015-6415

LAST UPDATE DATE
2024-11-23T21:54:46.041000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84376date:2019-04-15T00:00:00
db:BIDid:85711date:2019-04-12T19:00:00
db:JVNDBid:JVNDB-2015-006393date:2015-12-16T00:00:00
db:CNNVDid:CNNVD-201512-396date:2019-06-20T00:00:00
db:NVDid:CVE-2015-6415date:2024-11-21T02:34:57.360

SOURCES RELEASE DATE
db:VULHUBid:VHN-84376date:2015-12-12T00:00:00
db:BIDid:85711date:2015-12-10T00:00:00
db:JVNDBid:JVNDB-2015-006393date:2015-12-16T00:00:00
db:CNNVDid:CNNVD-201512-396date:2015-12-14T00:00:00
db:NVDid:CVE-2015-6415date:2015-12-12T16:59:01.603