CVE-2015-0694 (GCVE-0-2015-0694)

Vulnerability from cvelistv5 – Published: 2015-04-11 01:00 – Updated: 2024-08-06 04:17
VLAI?
Summary
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://tools.cisco.com/security/center/viewAlert.… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1032059 vdb-entryx_refsource_SECTRACK
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:17:32.821Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150409 Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292"
          },
          {
            "name": "1032059",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032059"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-04-16T17:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20150409 Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292"
        },
        {
          "name": "1032059",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032059"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0694",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150409 Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292"
            },
            {
              "name": "1032059",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032059"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-0694",
    "datePublished": "2015-04-11T01:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:17:32.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:5.3.0_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74783CCE-2295-4FFE-9978-0E7751099D27\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"324C97E6-1810-404F-9F45-6240F99FF039\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57EB55BB-41B7-40A1-B6F5-142FE8AB4C16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"433F4A82-04A4-4EAA-8C19-F7581DCD8D29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A93212A4-50AB-42E7-89A4-5FBBAEA050C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5445CC54-ACFB-4070-AF26-F91FEAA85181\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.\"}, {\"lang\": \"es\", \"value\": \"Los dispositivos Cisco ASR 9000 con software 5.3.0.BASE no reconocen que ciertas entradas ACL tienen una limitaci\\u00f3n de un anfitri\\u00f3n \\u00fanico, lo que permite a atacantes remotos evadir las restricciones de acceso de los recursos de la red mediante el uso de una direcci\\u00f3n que se supon\\u00eda que no se permit\\u00eda, tambi\\u00e9n conocido como Bug ID CSCur28806.\"}]",
      "id": "CVE-2015-0694",
      "lastModified": "2024-11-21T02:23:33.090",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-04-11T01:59:03.803",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=38292\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1032059\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=38292\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1032059\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-0694\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2015-04-11T01:59:03.803\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.\"},{\"lang\":\"es\",\"value\":\"Los dispositivos Cisco ASR 9000 con software 5.3.0.BASE no reconocen que ciertas entradas ACL tienen una limitaci\u00f3n de un anfitri\u00f3n \u00fanico, lo que permite a atacantes remotos evadir las restricciones de acceso de los recursos de la red mediante el uso de una direcci\u00f3n que se supon\u00eda que no se permit\u00eda, tambi\u00e9n conocido como Bug ID CSCur28806.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:5.3.0_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74783CCE-2295-4FFE-9978-0E7751099D27\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"324C97E6-1810-404F-9F45-6240F99FF039\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57EB55BB-41B7-40A1-B6F5-142FE8AB4C16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"433F4A82-04A4-4EAA-8C19-F7581DCD8D29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A93212A4-50AB-42E7-89A4-5FBBAEA050C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5445CC54-ACFB-4070-AF26-F91FEAA85181\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=38292\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032059\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=38292\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032059\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.