ID
VAR-201611-0166
CVE
CVE-2016-6455
TITLE
Cisco ASR 5500 Series Routers Denial of Service Vulnerability
Trust: 1.2
DESCRIPTION
A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Card 2 (DPC2) running StarOS 18.0 or later. More Information: CSCvb12081. Known Affected Releases: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Known Fixed Releases: 18.7.4 18.7.4.65030 18.8.M0.65044 19.5.0 19.5.0.65092 19.5.M0.65023 19.5.M0.65050 20.2.3 20.2.3.64982 20.2.3.65017 20.2.a4.65307 20.3.M0.64984 20.3.M0.65029 20.3.M0.65037 20.3.M0.65071 20.3.T0.64985 20.3.T0.65031 20.3.T0.65043 20.3.T0.65067 21.0.0 21.0.0.65256 21.0.M0.64922 21.0.M0.64983 21.0.M0.65140 21.0.V0.65150 21.1.A0.64932 21.1.A0.64987 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.65203 21.2.A0.65147. Vendors have confirmed this vulnerability Bug ID CSCvb12081 It is released as.Part of a subscriber session by a third party (subset) Resulting in service disruption (DoS) There is a possibility of being put into a state. The Cisco ASR5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). After installing the DPC2 on the Cisco ASR5500 series router, there is a security hole in StarOSSlowpath. Cisco StarOS for ASR 5500 Series routers are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvb12081. StarOS is a set of Linux operating systems used in it
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.1.0.59780 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.3_base | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.0.0.59211 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.1.0 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.0.l0.59219 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 20.0.0 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.0.1 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.0.0.59167 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.3.0 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.4.0 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.0.m0.61045 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.1_base | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.1.0 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.0.m0.60828 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.0.m0.60737 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.3.0 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.1.0.61559 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.0.0 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.1.0.59776 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.2.0 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.0.0.57828 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 18.0.0 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 18.0.0.57828 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 18.0.0.59167 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 18.0.0.59211 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 18.0.l0.59219 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 18.1 base | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 18.1.0 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 18.1.0.59776 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 18.1.0.59780 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 18.3 base | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 18.3.0 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 18.4.0 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 19.0.1 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 19.0.m0.60737 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 19.0.m0.60828 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 19.0.m0.61045 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 19.1.0 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 19.1.0.61559 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 19.2.0 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 19.3.0 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5000 series software | scope: | eq | version: | 20.0.0 | Trust: 0.8 |
| vendor: | cisco | model: | asr 5500 router | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | staros on asr | scope: | eq | version: | 5000>=18.0 | Trust: 0.6 |
| vendor: | cisco | model: | staros | scope: | eq | version: | 20.0 | Trust: 0.3 |
| vendor: | cisco | model: | staros | scope: | eq | version: | 19.0 | Trust: 0.3 |
| vendor: | cisco | model: | staros | scope: | eq | version: | 18.0 | Trust: 0.3 |
| vendor: | cisco | model: | asr | scope: | eq | version: | 55000 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-399 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
resource management error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20161102-asr | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr | Trust: 0.8 |
| title: | Patch for CiscoASR5500 SeriesRouters Denial of Service Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/83528 | Trust: 0.6 |
| title: | Cisco ASR 5500 Series routers Remediation measures for denial of service vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65232 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-6455 | Trust: 3.4 |
| db: | BID | id: | 94071 | Trust: 2.0 |
| db: | SECTRACK | id: | 1037186 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2016-005737 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201611-002 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2016-10623 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-95275 | Trust: 0.1 |
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-asr | Trust: 2.6 |
| url: | http://www.securityfocus.com/bid/94071 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id/1037186 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6455 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6455 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2016-10623 |
| db: | VULHUB | id: | VHN-95275 |
| db: | BID | id: | 94071 |
| db: | JVNDB | id: | JVNDB-2016-005737 |
| db: | CNNVD | id: | CNNVD-201611-002 |
| db: | NVD | id: | CVE-2016-6455 |
LAST UPDATE DATE
2024-11-23T23:09:10.880000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-10623 | date: | 2016-11-04T00:00:00 |
| db: | VULHUB | id: | VHN-95275 | date: | 2017-07-29T00:00:00 |
| db: | BID | id: | 94071 | date: | 2016-11-24T01:07:00 |
| db: | JVNDB | id: | JVNDB-2016-005737 | date: | 2016-11-08T00:00:00 |
| db: | CNNVD | id: | CNNVD-201611-002 | date: | 2016-11-04T00:00:00 |
| db: | NVD | id: | CVE-2016-6455 | date: | 2024-11-21T02:56:10.037 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-10623 | date: | 2016-11-04T00:00:00 |
| db: | VULHUB | id: | VHN-95275 | date: | 2016-11-03T00:00:00 |
| db: | BID | id: | 94071 | date: | 2016-11-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-005737 | date: | 2016-11-08T00:00:00 |
| db: | CNNVD | id: | CNNVD-201611-002 | date: | 2016-11-04T00:00:00 |
| db: | NVD | id: | CVE-2016-6455 | date: | 2016-11-03T21:59:10.967 |