Details of VAR-201707-0436

ID

VAR-201707-0436

CVE

CVE-2017-3865

TITLE

Cisco ASR 5000 For series router Cisco StarOS of IPsec All active in the component IPsec VPN Vulnerability that terminates the tunnel

Trust: 0.8

sources: JVNDB: JVNDB-2017-005297

DESCRIPTION

A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. Affected Products: ASR 5000 Series Routers, Virtualized Packet Core (VPC) Software. More Information: CSCvc21129. Known Affected Releases: 21.1.0 21.1.M0.65601 21.1.v0. Known Fixed Releases: 21.2.A0.65754 21.1.b0.66164 21.1.V0.66014 21.1.R0.65759 21.1.M0.65749 21.1.0.66030 21.1.0. The Cisco ASR5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to long-term evolution. StarOS is a set of Linux operating systems for it. CiscoStarOS for Cisco ASR5000 SeriesRouters has security vulnerabilities in the IPsec component. The IKE message was not processed correctly by the program. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvc21129

Trust: 2.52

sources: NVD: CVE-2017-3865 // JVNDB: JVNDB-2017-005297 // CNVD: CNVD-2017-11550 // BID: 99218 // VULHUB: VHN-112068

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-11550

AFFECTED PRODUCTS

vendor:	cisco	model:	staros	scope:	eq	version:	21.0_m0.64702	Trust: 1.6
vendor:	cisco	model:	staros	scope:	eq	version:	21.0.0	Trust: 1.6
vendor:	cisco	model:	staros	scope:	eq	version:	21.0_m0.64246	Trust: 1.6
vendor:	cisco	model:	staros	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr	scope:	eq	version:	5000	Trust: 0.6
vendor:	cisco	model:	virtualized packet core software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	virtualized packet core software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	staros	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	500021.1	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	500021.1.v0	Trust: 0.3
vendor:	cisco	model:	asr series 21.2.a0.65754	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	ne	version:	500021.1.v0.66014	Trust: 0.3
vendor:	cisco	model:	asr series 21.1.r0.65759	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	asr series 21.1.m0.65749	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	asr series 21.1.b0.66164	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	ne	version:	500021.1.0.66030	Trust: 0.3

sources: CNVD: CNVD-2017-11550 // BID: 99218 // JVNDB: JVNDB-2017-005297 // CNNVD: CNNVD-201706-1005 // NVD: CVE-2017-3865

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3865
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-3865
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-11550
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201706-1005
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-112068
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3865
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-11550
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-112068
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3865
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-11550 // VULHUB: VHN-112068 // JVNDB: JVNDB-2017-005297 // CNNVD: CNNVD-201706-1005 // NVD: CVE-2017-3865

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-112068 // JVNDB: JVNDB-2017-005297 // NVD: CVE-2017-3865

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1005

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201706-1005

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005297

PATCH

title:	cisco-sa-20170621-asr	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-asr	Trust: 0.8
title:	Patch for CiscoStarOSIPsec Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/96506	Trust: 0.6
title:	Cisco ASR 5500 Series routers with Data Processing Card 2 StarOS Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71194	Trust: 0.6

sources: CNVD: CNVD-2017-11550 // JVNDB: JVNDB-2017-005297 // CNNVD: CNNVD-201706-1005

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3865	Trust: 3.4
db:	BID	id:	99218	Trust: 2.0
db:	SECTRACK	id:	1038748	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-005297	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-1005	Trust: 0.7
db:	CNVD	id:	CNVD-2017-11550	Trust: 0.6
db:	VULHUB	id:	VHN-112068	Trust: 0.1

sources: CNVD: CNVD-2017-11550 // VULHUB: VHN-112068 // BID: 99218 // JVNDB: JVNDB-2017-005297 // CNNVD: CNNVD-201706-1005 // NVD: CVE-2017-3865

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-asr	Trust: 2.3
url:	http://www.securityfocus.com/bid/99218	Trust: 1.7
url:	http://www.securitytracker.com/id/1038748	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3865	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3865	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-asr	Trust: 0.3

sources: CNVD: CNVD-2017-11550 // VULHUB: VHN-112068 // BID: 99218 // JVNDB: JVNDB-2017-005297 // CNNVD: CNNVD-201706-1005 // NVD: CVE-2017-3865

CREDITS

Cisco

Trust: 0.9

sources: BID: 99218 // CNNVD: CNNVD-201706-1005

SOURCES

db:	CNVD	id:	CNVD-2017-11550
db:	VULHUB	id:	VHN-112068
db:	BID	id:	99218
db:	JVNDB	id:	JVNDB-2017-005297
db:	CNNVD	id:	CNNVD-201706-1005
db:	NVD	id:	CVE-2017-3865

LAST UPDATE DATE

2024-11-23T22:45:38.193000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-11550	date:	2017-06-27T00:00:00
db:	VULHUB	id:	VHN-112068	date:	2019-10-03T00:00:00
db:	BID	id:	99218	date:	2017-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-005297	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201706-1005	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-3865	date:	2024-11-21T03:26:16.433

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-11550	date:	2017-06-27T00:00:00
db:	VULHUB	id:	VHN-112068	date:	2017-07-04T00:00:00
db:	BID	id:	99218	date:	2017-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-005297	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201706-1005	date:	2017-06-23T00:00:00
db:	NVD	id:	CVE-2017-3865	date:	2017-07-04T00:29:00.180