VAR-201504-0266
Vulnerability from variot - Updated: 2023-12-18 12:30Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. The Cisco ASR 1000 fails to properly handle routing neighbor advertisements. An unauthenticated attacker sends a malicious IP packet to the affected device, causing the device to stop responding. Cisco ASR 9000 Series Routers are prone to a remote denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCub31873. Cisco IOS XE is an operating system developed by Cisco for its network equipment. There is a security vulnerability in versions earlier than Cisco IOS XE 3.7.5S. The vulnerability is caused by the fact that the program does not correctly handle the adjacency relationship of routers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0266",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios xe",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s.4"
},
{
"model": "ios xe",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "3.7.5s"
},
{
"model": "asr",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1000"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.7s.4"
},
{
"model": "ios xe software 3.7s.4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "asr series routers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02238"
},
{
"db": "BID",
"id": "73470"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002067"
},
{
"db": "NVD",
"id": "CVE-2015-0685"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-037"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.7s.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0685"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "73470"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0685",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-0685",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2015-02238",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-78631",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0685",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-02238",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-037",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-78631",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-0685",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02238"
},
{
"db": "VULHUB",
"id": "VHN-78631"
},
{
"db": "VULMON",
"id": "CVE-2015-0685"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002067"
},
{
"db": "NVD",
"id": "CVE-2015-0685"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-037"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. The Cisco ASR 1000 fails to properly handle routing neighbor advertisements. An unauthenticated attacker sends a malicious IP packet to the affected device, causing the device to stop responding. Cisco ASR 9000 Series Routers are prone to a remote denial-of-service vulnerability. \nThis issue is being tracked by Cisco Bug ID CSCub31873. Cisco IOS XE is an operating system developed by Cisco for its network equipment. There is a security vulnerability in versions earlier than Cisco IOS XE 3.7.5S. The vulnerability is caused by the fact that the program does not correctly handle the adjacency relationship of routers",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0685"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002067"
},
{
"db": "CNVD",
"id": "CNVD-2015-02238"
},
{
"db": "BID",
"id": "73470"
},
{
"db": "VULHUB",
"id": "VHN-78631"
},
{
"db": "VULMON",
"id": "CVE-2015-0685"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0685",
"trust": 3.5
},
{
"db": "SECTRACK",
"id": "1032004",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002067",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-037",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-02238",
"trust": 0.6
},
{
"db": "BID",
"id": "73470",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-78631",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-0685",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02238"
},
{
"db": "VULHUB",
"id": "VHN-78631"
},
{
"db": "VULMON",
"id": "CVE-2015-0685"
},
{
"db": "BID",
"id": "73470"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002067"
},
{
"db": "NVD",
"id": "CVE-2015-0685"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-037"
}
]
},
"id": "VAR-201504-0266",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02238"
},
{
"db": "VULHUB",
"id": "VHN-78631"
}
],
"trust": 1.3328331633333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02238"
}
]
},
"last_update_date": "2023-12-18T12:30:22.034000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "38124",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38124"
},
{
"title": "Patch for Cisco ASR1000 Series Router Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/57016"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02238"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002067"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78631"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002067"
},
{
"db": "NVD",
"id": "CVE-2015-0685"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38124"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0685"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1032004"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0685"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/73470"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02238"
},
{
"db": "VULHUB",
"id": "VHN-78631"
},
{
"db": "VULMON",
"id": "CVE-2015-0685"
},
{
"db": "BID",
"id": "73470"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002067"
},
{
"db": "NVD",
"id": "CVE-2015-0685"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-037"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-02238"
},
{
"db": "VULHUB",
"id": "VHN-78631"
},
{
"db": "VULMON",
"id": "CVE-2015-0685"
},
{
"db": "BID",
"id": "73470"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002067"
},
{
"db": "NVD",
"id": "CVE-2015-0685"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-037"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02238"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-78631"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0685"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73470"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002067"
},
{
"date": "2015-04-03T02:00:24.317000",
"db": "NVD",
"id": "CVE-2015-0685"
},
{
"date": "2015-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-037"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02238"
},
{
"date": "2015-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-78631"
},
{
"date": "2015-09-29T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0685"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73470"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002067"
},
{
"date": "2015-09-29T19:30:42.867000",
"db": "NVD",
"id": "CVE-2015-0685"
},
{
"date": "2015-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-037"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-037"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASR 1000 Runs on series devices Cisco IOS XE Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002067"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-037"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…