ID

VAR-201601-0491


CVE

CVE-2015-6432


TITLE

Cisco IOS XR Resource Management Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-00096 // CNNVD: CNNVD-201601-061

DESCRIPTION

Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486. The vendor has confirmed this vulnerability and released it as Bug ID CSCuw83486. A third party may cause a service disruption (device reload) via a crafted update. Cisco IOS XR is a fully modular, distributed network operating system from Cisco's IOS software family. A security vulnerability exists in Cisco IOS XR because the program does not correctly limit the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates. Cisco IOS XR Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to restart the OSPF process, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuw83486. The following releases are affected: Cisco IOS XR Release 4.2.0, Release 4.3.0, Release 5.0.0, Release 5.1.0, Release 5.2.0, Release 5.2.2, Release 5.2.4, Release 5.3.0, and Release 5.3.2.

Trust: 2.52

sources: NVD: CVE-2015-6432 // JVNDB: JVNDB-2015-006608 // CNVD: CNVD-2016-00096 // BID: 79831 // VULHUB: VHN-84393

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00096

AFFECTED PRODUCTS

vendor: cisco, model: ios xr, scope: eq, version: 4.3.0

Trust: 3.0

vendor: cisco, model: ios xr, scope: eq, version: 4.2.0

Trust: 3.0

vendor: cisco, model: ios xr, scope: eq, version: 5.0.0

Trust: 3.0

vendor: cisco, model: ios xr, scope: eq, version: 5.1.0

Trust: 3.0

vendor: cisco, model: ios xr, scope: eq, version: 5.2.0

Trust: 3.0

vendor: cisco, model: ios xr, scope: eq, version: 5.2.2

Trust: 3.0

vendor: cisco, model: ios xr, scope: eq, version: 5.2.4

Trust: 3.0

vendor: cisco, model: ios xr, scope: eq, version: 5.3.0

Trust: 3.0

vendor: cisco, model: ios xr, scope: eq, version: 5.3.2

Trust: 3.0

vendor: cisco, model: ios xr software, scope: eq, version: 5.3.2

Trust: 0.3

vendor: cisco, model: ios xr software, scope: eq, version: 5.3

Trust: 0.3

vendor: cisco, model: ios xr software, scope: eq, version: 5.2.4

Trust: 0.3

vendor: cisco, model: ios xr software, scope: eq, version: 5.2.2

Trust: 0.3

vendor: cisco, model: ios xr software, scope: eq, version: 5.2

Trust: 0.3

vendor: cisco, model: ios xr software, scope: eq, version: 4.3

Trust: 0.3

vendor: cisco, model: ios xr software, scope: eq, version: 4.2

Trust: 0.3

vendor: cisco, model: ios xr software, scope: eq, version: 5.1.0

Trust: 0.3

vendor: cisco, model: ios xr software, scope: eq, version: 5.0.0

Trust: 0.3

sources: CNVD: CNVD-2016-00096 // BID: 79831 // JVNDB: JVNDB-2015-006608 // CNNVD: CNNVD-201601-061 // NVD: CVE-2015-6432

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6432
value: HIGH

Trust: 1.0

NVD: CVE-2015-6432
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00096
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201601-061
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84393
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6432
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00096
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84393
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-6432
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-00096 // VULHUB: VHN-84393 // JVNDB: JVNDB-2015-006608 // CNNVD: CNNVD-201601-061 // NVD: CVE-2015-6432

PROBLEMTYPE DATA

problemtype: CWE-399

Trust: 1.9

sources: VULHUB: VHN-84393 // JVNDB: JVNDB-2015-006608 // NVD: CVE-2015-6432

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-061

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201601-061

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006608

PATCH

title: cisco-sa-20160104-iosxr, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160104-iosxr

Trust: 0.8

title: Patch for Cisco IOSXR Resource Management Error Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/69675

Trust: 0.6

title: Cisco IOS XR Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59457

Trust: 0.6

sources: CNVD: CNVD-2016-00096 // JVNDB: JVNDB-2015-006608 // CNNVD: CNNVD-201601-061

EXTERNAL IDS

db: NVD, id: CVE-2015-6432

Trust: 3.4

db: SECTRACK, id: 1034570

Trust: 1.1

db: JVNDB, id: JVNDB-2015-006608

Trust: 0.8

db: CNNVD, id: CNNVD-201601-061

Trust: 0.7

db: CNVD, id: CNVD-2016-00096

Trust: 0.6

db: BID, id: 79831

Trust: 0.4

db: VULHUB, id: VHN-84393

Trust: 0.1

sources: CNVD: CNVD-2016-00096 // VULHUB: VHN-84393 // BID: 79831 // JVNDB: JVNDB-2015-006608 // CNNVD: CNNVD-201601-061 // NVD: CVE-2015-6432

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160104-iosxr

Trust: 2.6

url:http://www.securitytracker.com/id/1034570

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6432

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6432

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2016-00096 // VULHUB: VHN-84393 // BID: 79831 // JVNDB: JVNDB-2015-006608 // CNNVD: CNNVD-201601-061 // NVD: CVE-2015-6432

CREDITS

Cisco

Trust: 0.3

sources: BID: 79831

SOURCES

db: CNVD, id: CNVD-2016-00096
db: VULHUB, id: VHN-84393
db: BID, id: 79831
db: JVNDB, id: JVNDB-2015-006608
db: CNNVD, id: CNNVD-201601-061
db: NVD, id: CVE-2015-6432

LAST UPDATE DATE

2024-11-23T21:43:25.164000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-00096, date: 2016-01-08T00:00:00
db: VULHUB, id: VHN-84393, date: 2016-12-07T00:00:00
db: BID, id: 79831, date: 2016-01-04T00:00:00
db: JVNDB, id: JVNDB-2015-006608, date: 2016-01-06T00:00:00
db: CNNVD, id: CNNVD-201601-061, date: 2016-01-06T00:00:00
db: NVD, id: CVE-2015-6432, date: 2024-11-21T02:34:59.173

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-00096, date: 2016-01-08T00:00:00
db: VULHUB, id: VHN-84393, date: 2016-01-05T00:00:00
db: BID, id: 79831, date: 2016-01-04T00:00:00
db: JVNDB, id: JVNDB-2015-006608, date: 2016-01-06T00:00:00
db: CNNVD, id: CNNVD-201601-061, date: 2016-01-06T00:00:00
db: NVD, id: CVE-2015-6432, date: 2016-01-05T02:59:05.427