cvelistv5 - CVE-2015-6277

CVE-2015-6277

Vulnerability from cvelistv5

Published

2015-09-02 16:00

Modified

2024-08-06 07:15

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=40748	Vendor Advisory
ykramarz@cisco.com	http://www.securitytracker.com/id/1033443
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=40748	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033443

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:15:13.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033443",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033443"
          },
          {
            "name": "20150901 Cisco NX-OS Malformed ARP Header Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40748"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-19T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1033443",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033443"
        },
        {
          "name": "20150901 Cisco NX-OS Malformed ARP Header Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40748"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6277",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033443",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033443"
            },
            {
              "name": "20150901 Cisco NX-OS Malformed ARP Header Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40748"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6277",
    "datePublished": "2015-09-02T16:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:15:13.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:7.3\\\\(0\\\\)zd\\\\(0.47\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2036380D-7658-40AE-B645-026A220E4BBE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10FFC5E8-CC5A-4D31-A63A-19E72EC442AB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:4.1\\\\(2\\\\)e1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD9BBDB0-666C-4692-9C56-8CA45DF58D2C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_4000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"872CEEED-5FAC-4AEF-AAEC-8B44C8C65E35\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:7.0\\\\(0\\\\)hsk\\\\(0.353\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB1B7730-A25C-4634-B3E7-20B1B7D6B77B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:san-os:7.0\\\\(0\\\\)hsk\\\\(0.353\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD13F608-3FA9-49DD-91D7-C73F7DD51FF2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:7.3\\\\(0\\\\)zd\\\\(0.61\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D25D743D-FBCA-4A10-924A-DBD75F7FE171\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EBEBA5B-5589-417B-BF3B-976083E9FE54\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:1000v:5.2\\\\(1\\\\)sv3\\\\(1.4\\\\):-:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"515D71CA-4102-4F45-829D-91791A1B0CC6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en la implementaci\\u00f3n ARP en Cisco NX-OS en dispositivos Nexus 1000V para VMware vSphere 5.2(1)SV3(1.4), dispositivos Nexus 3000 7.3(0)ZD(0.47), dispositivos Nexus 4000 4.1(2)E1, dispositivos Nexus 9000 7.3(0)ZD(0.61), y dispositivos MDS 9000 7.0(0)HSK(0.353) y SAN-OS NX-OS en dispositivos MDS 9000 7.0(0)HSK(0.353), permite a atacantes remotos causar una denegaci\\u00f3n de servicio (reinicio del proceso ARP) a trav\\u00e9s de campos de cabecera de paquetes manipulados, tambi\\u00e9n conocida como Bug ID CSCut25292.\"}]",
      "id": "CVE-2015-6277",
      "lastModified": "2024-11-21T02:34:41.370",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 6.1, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.5, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-09-02T16:59:03.907",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=40748\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1033443\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=40748\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1033443\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-6277\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2015-09-02T16:59:03.907\",\"lastModified\":\"2024-11-21T02:34:41.370\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en la implementaci\u00f3n ARP en Cisco NX-OS en dispositivos Nexus 1000V para VMware vSphere 5.2(1)SV3(1.4), dispositivos Nexus 3000 7.3(0)ZD(0.47), dispositivos Nexus 4000 4.1(2)E1, dispositivos Nexus 9000 7.3(0)ZD(0.61), y dispositivos MDS 9000 7.0(0)HSK(0.353) y SAN-OS NX-OS en dispositivos MDS 9000 7.0(0)HSK(0.353), permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio del proceso ARP) a trav\u00e9s de campos de cabecera de paquetes manipulados, tambi\u00e9n conocida como Bug ID CSCut25292.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":6.1,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:7.3\\\\(0\\\\)zd\\\\(0.47\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2036380D-7658-40AE-B645-026A220E4BBE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10FFC5E8-CC5A-4D31-A63A-19E72EC442AB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:4.1\\\\(2\\\\)e1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD9BBDB0-666C-4692-9C56-8CA45DF58D2C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_4000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"872CEEED-5FAC-4AEF-AAEC-8B44C8C65E35\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:7.0\\\\(0\\\\)hsk\\\\(0.353\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB1B7730-A25C-4634-B3E7-20B1B7D6B77B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:san-os:7.0\\\\(0\\\\)hsk\\\\(0.353\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD13F608-3FA9-49DD-91D7-C73F7DD51FF2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:7.3\\\\(0\\\\)zd\\\\(0.61\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D25D743D-FBCA-4A10-924A-DBD75F7FE171\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EBEBA5B-5589-417B-BF3B-976083E9FE54\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:1000v:5.2\\\\(1\\\\)sv3\\\\(1.4\\\\):-:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"515D71CA-4102-4F45-829D-91791A1B0CC6\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=40748\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1033443\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=40748\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1033443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-mgmf-hg59-85fw

Vulnerability from github

Published

2022-05-17 00:52

Modified

2022-05-17 00:52

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-6277"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-09-02T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.",
  "id": "GHSA-mgmf-hg59-85fw",
  "modified": "2022-05-17T00:52:43Z",
  "published": "2022-05-17T00:52:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6277"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40748"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033443"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2015-6277

Vulnerability from fkie_nvd

Published

2015-09-02 16:59

Modified

2024-11-21 02:34

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=40748	Vendor Advisory
ykramarz@cisco.com	http://www.securitytracker.com/id/1033443
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=40748	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033443

Impacted products

Vendor	Product	Version
cisco	nx-os	7.3\(0\)zd\(0.47\)
cisco	nexus_3000	-
cisco	nx-os	4.1\(2\)e1
cisco	nexus_4000	-
cisco	nx-os	7.0\(0\)hsk\(0.353\)
cisco	san-os	7.0\(0\)hsk\(0.353\)
cisco	mds_9000	-
cisco	nx-os	7.3\(0\)zd\(0.61\)
cisco	nexus_9000	-
cisco	1000v	5.2\(1\)sv3\(1.4\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.3\\(0\\)zd\\(0.47\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2036380D-7658-40AE-B645-026A220E4BBE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FFC5E8-CC5A-4D31-A63A-19E72EC442AB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:4.1\\(2\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD9BBDB0-666C-4692-9C56-8CA45DF58D2C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_4000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "872CEEED-5FAC-4AEF-AAEC-8B44C8C65E35",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(0\\)hsk\\(0.353\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1B7730-A25C-4634-B3E7-20B1B7D6B77B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:san-os:7.0\\(0\\)hsk\\(0.353\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DD13F608-3FA9-49DD-91D7-C73F7DD51FF2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.3\\(0\\)zd\\(0.61\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D25D743D-FBCA-4A10-924A-DBD75F7FE171",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBEBA5B-5589-417B-BF3B-976083E9FE54",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:1000v:5.2\\(1\\)sv3\\(1.4\\):-:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "515D71CA-4102-4F45-829D-91791A1B0CC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en la implementaci\u00f3n ARP en Cisco NX-OS en dispositivos Nexus 1000V para VMware vSphere 5.2(1)SV3(1.4), dispositivos Nexus 3000 7.3(0)ZD(0.47), dispositivos Nexus 4000 4.1(2)E1, dispositivos Nexus 9000 7.3(0)ZD(0.61), y dispositivos MDS 9000 7.0(0)HSK(0.353) y SAN-OS NX-OS en dispositivos MDS 9000 7.0(0)HSK(0.353), permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio del proceso ARP) a trav\u00e9s de campos de cabecera de paquetes manipulados, tambi\u00e9n conocida como Bug ID CSCut25292."
    }
  ],
  "id": "CVE-2015-6277",
  "lastModified": "2024-11-21T02:34:41.370",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-02T16:59:03.907",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40748"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1033443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033443"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292. Vendors have confirmed this vulnerability Bug ID CSCut25292 It is released as.Denial of service via a crafted packet header field by a third party (ARP Process restart ) There is a possibility of being put into a state. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. A security vulnerability exists in the Cisco NX-OS. The attacker is allowed to submit a special ARP packet to restart the target ARP service. This issue is being tracked by Cisco Bug IDs CSCut25292, CSCuw02034, CSCuw02035, CSCuw02037, and CSCuw02038. are all products of Cisco (Cisco). Cisco Nexus 1000V Switch is a virtual switch product running on the virtual machine platform (VMware vSphere), 3000, 4000, 7000 and 9000 series switches. Cisco MDS SAN-OS Software is an operating system running on fiber optic switches. The following products and versions are affected: Cisco MDS 9000 NX-OS and SAN-OS Software running Cisco NX-OS 7.0(0)HSK(0.353), Cisco NX-OS 5.2(1)SV3(1.4) Nexus 1000V Switches for VMware vSphere, Cisco Nexus 3000 Series Switches running Cisco NX-OS Release 7.3(0)ZD(0.47), Cisco Nexus 9000 Series Switches running Cisco NX-OS Release 7.3(0)ZD(0.61), running Cisco Nexus 4000 Series Switches with Cisco NX-OS 4.1(2)E1 release

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0285",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "1000v",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.2\\(1\\)sv3\\(1.4\\)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0\\(0\\)hsk\\(0.353\\)"
      },
      {
        "model": "san-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0\\(0\\)hsk\\(0.353\\)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.3\\(0\\)zd\\(0.47\\)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.3\\(0\\)zd\\(0.61\\)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.1\\(2\\)e1"
      },
      {
        "model": "mds 9000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mds 9000 nx-os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.0 (0)hsk(0.353)"
      },
      {
        "model": "mds san-os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.0 (0)hsk(0.353)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.1(2)e1(1c) (cisco nexus 4000 series )"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.2(1)sv3(1.4) (cisco nexus 1000v switch  for vmware vsphere)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.3(0)zd(0.47) (cisco nexus 3000 series )"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.3(0)zd(0.61) (cisco nexus 9000 series )"
      },
      {
        "model": "nexus 4.1 e1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "nexus 7.3 zd",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "mds 7.0 hsk",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "san-os nx-os on mds devices 7.0 hsk",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "nexus 7.3 zd",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "nx-os on nexus devices for vmware vsphere 5.2 sv3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "nexus switch for vmware vsphere 5.2 sv3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "nexus switch for nexus series 7.3 zd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v9000"
      },
      {
        "model": "nexus switch for nexus series 4.1 e1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v4000"
      },
      {
        "model": "nexus switch for nexus series 7.3 zd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v3000"
      },
      {
        "model": "mds san-os software hsk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "mds nx-os software 7.0 hsk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05865"
      },
      {
        "db": "BID",
        "id": "76548"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004562"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6277"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-016"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:7.3\\(0\\)zd\\(0.47\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:4.1\\(2\\)e1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_4000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:san-os:7.0\\(0\\)hsk\\(0.353\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:7.0\\(0\\)hsk\\(0.353\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:7.3\\(0\\)zd\\(0.61\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:1000v:5.2\\(1\\)sv3\\(1.4\\):-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6277"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "76548"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-6277",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-6277",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 5.1,
            "id": "CNVD-2015-05865",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "VHN-84238",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-6277",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05865",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201509-016",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84238",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05865"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84238"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004562"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6277"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-016"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292. Vendors have confirmed this vulnerability Bug ID CSCut25292 It is released as.Denial of service via a crafted packet header field by a third party (ARP Process restart ) There is a possibility of being put into a state. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. A security vulnerability exists in the Cisco NX-OS. The attacker is allowed to submit a special ARP packet to restart the target ARP service. \nThis issue is being tracked by Cisco Bug IDs CSCut25292, CSCuw02034, CSCuw02035, CSCuw02037, and CSCuw02038. are all products of Cisco (Cisco). Cisco Nexus 1000V Switch is a virtual switch product running on the virtual machine platform (VMware vSphere), 3000, 4000, 7000 and 9000 series switches. Cisco MDS SAN-OS Software is an operating system running on fiber optic switches. The following products and versions are affected: Cisco MDS 9000 NX-OS and SAN-OS Software running Cisco NX-OS 7.0(0)HSK(0.353), Cisco NX-OS 5.2(1)SV3(1.4) Nexus 1000V Switches for VMware vSphere, Cisco Nexus 3000 Series Switches running Cisco NX-OS Release 7.3(0)ZD(0.47), Cisco Nexus 9000 Series Switches running Cisco NX-OS Release 7.3(0)ZD(0.61), running Cisco Nexus 4000 Series Switches with Cisco NX-OS 4.1(2)E1 release",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6277"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004562"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05865"
      },
      {
        "db": "BID",
        "id": "76548"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84238"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6277",
        "trust": 3.4
      },
      {
        "db": "SECTRACK",
        "id": "1033443",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004562",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-016",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05865",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "76548",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-84238",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05865"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84238"
      },
      {
        "db": "BID",
        "id": "76548"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004562"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6277"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-016"
      }
    ]
  },
  "id": "VAR-201509-0285",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05865"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84238"
      }
    ],
    "trust": 1.5958333333333332
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05865"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:03:22.017000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "40748",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40748"
      },
      {
        "title": "Patch for Cisco NX-OS ARP Service Restart Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/63608"
      },
      {
        "title": "Cisco NX-OS Address Resolution Protocol Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61037"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004562"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-016"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84238"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004562"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6277"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40748"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1033443"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6277"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6277"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05865"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84238"
      },
      {
        "db": "BID",
        "id": "76548"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004562"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6277"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-016"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05865"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84238"
      },
      {
        "db": "BID",
        "id": "76548"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004562"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6277"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-016"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-09-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05865"
      },
      {
        "date": "2015-09-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84238"
      },
      {
        "date": "2015-09-01T00:00:00",
        "db": "BID",
        "id": "76548"
      },
      {
        "date": "2015-09-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004562"
      },
      {
        "date": "2015-09-02T16:59:03.907000",
        "db": "NVD",
        "id": "CVE-2015-6277"
      },
      {
        "date": "2015-09-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201509-016"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-09-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05865"
      },
      {
        "date": "2017-09-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84238"
      },
      {
        "date": "2015-09-01T00:00:00",
        "db": "BID",
        "id": "76548"
      },
      {
        "date": "2015-09-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004562"
      },
      {
        "date": "2017-09-20T01:29:02.170000",
        "db": "NVD",
        "id": "CVE-2015-6277"
      },
      {
        "date": "2015-09-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201509-016"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-016"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Cisco Nexus Run on device  Cisco NX-OS and  MDS SAN-OS of  ARP Service disruption in implementations  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004562"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-016"
      }
    ],
    "trust": 0.6
  }
}

gsd-2015-6277

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-6277

Aliases

CVE-2015-6277

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-6277",
    "description": "The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.",
    "id": "GSD-2015-6277"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-6277"
      ],
      "details": "The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.",
      "id": "GSD-2015-6277",
      "modified": "2023-12-13T01:20:04.192150Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-6277",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1033443",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033443"
          },
          {
            "name": "20150901 Cisco NX-OS Malformed ARP Header Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40748"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:7.3\\(0\\)zd\\(0.47\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:4.1\\(2\\)e1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_4000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:san-os:7.0\\(0\\)hsk\\(0.353\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:7.0\\(0\\)hsk\\(0.353\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:7.3\\(0\\)zd\\(0.61\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:1000v:5.2\\(1\\)sv3\\(1.4\\):-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6277"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150901 Cisco NX-OS Malformed ARP Header Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40748"
            },
            {
              "name": "1033443",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033443"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-20T01:29Z",
      "publishedDate": "2015-09-02T16:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-6277

Vulnerability from cvelistv5

ghsa-mgmf-hg59-85fw

Vulnerability from github

CVE-2015-6277

Vulnerability from fkie_nvd

var-201509-0285

Vulnerability from variot

gsd-2015-6277

Vulnerability from gsd

Tags

Sightings

Nomenclature