cvelistv5 - cve-2015-4291

cve-2015-4291

Vulnerability from cvelistv5

Published

2015-08-01 01:00

Modified

2024-08-06 06:11

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k	Vendor Advisory
ykramarz@cisco.com	http://www.securitytracker.com/id/1033131
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033131

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:11:12.416Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033131",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033131"
          },
          {
            "name": "20150730 Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-08-14T16:57:05",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1033131",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033131"
        },
        {
          "name": "20150730 Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4291",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033131",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033131"
            },
            {
              "name": "20150730 Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-4291",
    "datePublished": "2015-08-01T01:00:00",
    "dateReserved": "2015-06-04T00:00:00",
    "dateUpdated": "2024-08-06T06:11:12.416Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C798B993-8521-4C5D-88AF-2D509DBAC2AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"127BD97D-56A0-4B75-9A19-CC499965B53D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:2.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A1D6AEB-26F3-4BD9-A4CA-3D54CCF158F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:2.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87B35652-621F-48DB-84FF-E214D42AA799\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:2.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E216416-E3ED-437D-A725-2297DD86EF3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:2.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E8F3444-17E3-48A5-BEC1-97967F7E4EA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:2.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"539E369A-299B-4CDE-940F-C853E08439B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:2.3.0t:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30FD86B1-BE1A-4D72-86B0-2EDBFF50056F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:2.3.1t:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57F6EF3B-2F31-4449-9B2A-9114D41BBC6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:2.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1E6D907-4B38-4046-BF4F-C7DFA36F55E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:2.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D0B52CA-3834-4435-A3E1-9684A41E6405\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:2.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5976253B-339F-49C3-A538-653901E85EFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:2.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23AD1406-D2E4-4517-BF3E-A87C1FA8AC7E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en Cisco IOS XE 2.x en versiones anteriores a 2.4.3 y 2.5.x e versiones anteriores a 2.5.1 en dispositivos ASR 1000, permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (ca\\u00edda de Embedded Services Processor) a trav\\u00e9s de una serie de paquetes fragmentados manipulados (1) IPv4 o (2) IPv6 manipulados, tambi\\u00e9n conocida como Bug ID CSCtd72617.\"}]",
      "id": "CVE-2015-4291",
      "lastModified": "2024-11-21T02:30:46.827",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-08-01T01:59:16.007",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1033131\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1033131\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-4291\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2015-08-01T01:59:16.007\",\"lastModified\":\"2024-11-21T02:30:46.827\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en Cisco IOS XE 2.x en versiones anteriores a 2.4.3 y 2.5.x e versiones anteriores a 2.5.1 en dispositivos ASR 1000, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de Embedded Services Processor) a trav\u00e9s de una serie de paquetes fragmentados manipulados (1) IPv4 o (2) IPv6 manipulados, tambi\u00e9n conocida como Bug ID CSCtd72617.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C798B993-8521-4C5D-88AF-2D509DBAC2AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"127BD97D-56A0-4B75-9A19-CC499965B53D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A1D6AEB-26F3-4BD9-A4CA-3D54CCF158F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87B35652-621F-48DB-84FF-E214D42AA799\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E216416-E3ED-437D-A725-2297DD86EF3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E8F3444-17E3-48A5-BEC1-97967F7E4EA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"539E369A-299B-4CDE-940F-C853E08439B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:2.3.0t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30FD86B1-BE1A-4D72-86B0-2EDBFF50056F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:2.3.1t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57F6EF3B-2F31-4449-9B2A-9114D41BBC6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1E6D907-4B38-4046-BF4F-C7DFA36F55E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D0B52CA-3834-4435-A3E1-9684A41E6405\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5976253B-339F-49C3-A538-653901E85EFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23AD1406-D2E4-4517-BF3E-A87C1FA8AC7E\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1033131\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1033131\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

cve-2015-4291

Vulnerability from fkie_nvd

Published

2015-08-01 01:59

Modified

2024-11-21 02:30

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k	Vendor Advisory
ykramarz@cisco.com	http://www.securitytracker.com/id/1033131
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033131

Impacted products

Vendor	Product	Version
cisco	ios_xe	2.1.0
cisco	ios_xe	2.1.1
cisco	ios_xe	2.1.2
cisco	ios_xe	2.2.1
cisco	ios_xe	2.2.2
cisco	ios_xe	2.2.3
cisco	ios_xe	2.3.0
cisco	ios_xe	2.3.0t
cisco	ios_xe	2.3.1t
cisco	ios_xe	2.3.2
cisco	ios_xe	2.4.0
cisco	ios_xe	2.4.1
cisco	ios_xe	2.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C798B993-8521-4C5D-88AF-2D509DBAC2AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "127BD97D-56A0-4B75-9A19-CC499965B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A1D6AEB-26F3-4BD9-A4CA-3D54CCF158F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "87B35652-621F-48DB-84FF-E214D42AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E216416-E3ED-437D-A725-2297DD86EF3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8F3444-17E3-48A5-BEC1-97967F7E4EA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "539E369A-299B-4CDE-940F-C853E08439B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.3.0t:*:*:*:*:*:*:*",
              "matchCriteriaId": "30FD86B1-BE1A-4D72-86B0-2EDBFF50056F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.3.1t:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F6EF3B-2F31-4449-9B2A-9114D41BBC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1E6D907-4B38-4046-BF4F-C7DFA36F55E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D0B52CA-3834-4435-A3E1-9684A41E6405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5976253B-339F-49C3-A538-653901E85EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "23AD1406-D2E4-4517-BF3E-A87C1FA8AC7E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en Cisco IOS XE 2.x en versiones anteriores a 2.4.3 y 2.5.x e versiones anteriores a 2.5.1 en dispositivos ASR 1000, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de Embedded Services Processor) a trav\u00e9s de una serie de paquetes fragmentados manipulados (1) IPv4 o (2) IPv6 manipulados, tambi\u00e9n conocida como Bug ID CSCtd72617."
    }
  ],
  "id": "CVE-2015-4291",
  "lastModified": "2024-11-21T02:30:46.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-01T01:59:16.007",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1033131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033131"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. Attackers can exploit this issue to reload the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtd72617

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0500",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.2.1"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.2.3"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.3.0"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.1.0"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.2.2"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.3.0t"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.4.1"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.4.0"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.1.1"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.5.0"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.3.2"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.3.1t"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "2.5.1"
      },
      {
        "model": "ios xe",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "2.x"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "2.4.3"
      },
      {
        "model": "ios xe",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "2.5.x"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "2.x(\u003c2.4.3)"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "2.5.x(\u003c2.5.1)"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4.1"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.2"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.3"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.2"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.1"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.1"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.0"
      },
      {
        "model": "ios xe software 2.3.1t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe software 2.3.0t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr series routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.1(1)"
      },
      {
        "model": "ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.1"
      },
      {
        "model": "ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4.3(1)"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05095"
      },
      {
        "db": "BID",
        "id": "76118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003962"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-846"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.3.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.3.0t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4291"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "76118"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-4291",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-4291",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-05095",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-82252",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-4291",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05095",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-846",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82252",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05095"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82252"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003962"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-846"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. \nAttackers can exploit this issue to reload the affected device, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCtd72617",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003962"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05095"
      },
      {
        "db": "BID",
        "id": "76118"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82252"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4291",
        "trust": 3.4
      },
      {
        "db": "SECTRACK",
        "id": "1033131",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "76118",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003962",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-846",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05095",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-82252",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05095"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82252"
      },
      {
        "db": "BID",
        "id": "76118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003962"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-846"
      }
    ]
  },
  "id": "VAR-201508-0500",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05095"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82252"
      }
    ],
    "trust": 1.224805295
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05095"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:19:48.033000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20150730-asr1k",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150730-asr1k"
      },
      {
        "title": "40212",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40212"
      },
      {
        "title": "cisco-sa-20150730-asr1k",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/113/1130/1130249_cisco-sa-20150730-asr1k-j.html"
      },
      {
        "title": "Patch for Cisco ASR 1000 Series Aggregation Services Routers Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/61887"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05095"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003962"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82252"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003962"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4291"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150730-asr1k"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1033131"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4291"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4291"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/c/en/us/td/docs/routers/asr1000/configuration/guide/chassis/asrswcfg/software_packaging_architecture.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40212"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05095"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82252"
      },
      {
        "db": "BID",
        "id": "76118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003962"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-846"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05095"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82252"
      },
      {
        "db": "BID",
        "id": "76118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003962"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-846"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05095"
      },
      {
        "date": "2015-08-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82252"
      },
      {
        "date": "2015-07-30T00:00:00",
        "db": "BID",
        "id": "76118"
      },
      {
        "date": "2015-08-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003962"
      },
      {
        "date": "2015-08-01T01:59:16.007000",
        "db": "NVD",
        "id": "CVE-2015-4291"
      },
      {
        "date": "2015-07-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-846"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05095"
      },
      {
        "date": "2015-08-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82252"
      },
      {
        "date": "2015-07-30T00:00:00",
        "db": "BID",
        "id": "76118"
      },
      {
        "date": "2015-08-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003962"
      },
      {
        "date": "2015-08-21T16:04:37.177000",
        "db": "NVD",
        "id": "CVE-2015-4291"
      },
      {
        "date": "2015-08-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-846"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-846"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASR 1000 Run on device  Cisco IOS XE Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003962"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-846"
      }
    ],
    "trust": 0.6
  }
}

gsd-2015-4291

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2015-4291

Aliases

CVE-2015-4291

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-4291",
    "description": "Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.",
    "id": "GSD-2015-4291"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-4291"
      ],
      "details": "Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.",
      "id": "GSD-2015-4291",
      "modified": "2023-12-13T01:19:59.192162Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-4291",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1033131",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033131"
          },
          {
            "name": "20150730 Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.3.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.3.0t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4291"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150730 Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k"
            },
            {
              "name": "1033131",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033131"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-08-21T16:04Z",
      "publishedDate": "2015-08-01T01:59Z"
    }
  }
}

ghsa-2wp8-8f56-4p9g

Vulnerability from github

Published

2022-05-17 04:09

Modified

2022-05-17 04:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-4291"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-08-01T01:59:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.",
  "id": "GHSA-2wp8-8f56-4p9g",
  "modified": "2022-05-17T04:09:26Z",
  "published": "2022-05-17T04:09:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4291"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033131"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2015-4291

Vulnerability from cvelistv5

cve-2015-4291

Vulnerability from fkie_nvd

var-201508-0500

Vulnerability from variot

gsd-2015-4291

Vulnerability from gsd

ghsa-2wp8-8f56-4p9g

Vulnerability from github

Tags

Sightings

Nomenclature