var-201504-0266
Vulnerability from variot
Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. The Cisco ASR 1000 fails to properly handle routing neighbor advertisements. An unauthenticated attacker can send a malicious IP packet to the affected device, causing the device to stop responding. Cisco ASR 9000 Series Routers are prone to a remote denial-of-service vulnerability. (Note: the other sources aggregated in this entry name the ASR 1000 series, not the ASR 9000; confirm the affected platform against the Cisco advisory referenced in the record below.) This issue is being tracked by Cisco Bug ID CSCub31873. Cisco IOS XE is an operating system developed by Cisco for its network equipment. There is a security vulnerability in versions earlier than Cisco IOS XE 3.7.5S. The vulnerability exists because the software does not correctly handle adjacency relationships between routers. In the record below, NVD scores the issue CVSS v2 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) and CNVD scores it 5.4 (AV:N/AC:H/Au:N/C:N/I:N/A:C); both vectors describe a network-reachable, unauthenticated issue whose impact is limited to availability.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0266", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ios xe", "scope": "lte", "trust": 1.0, "vendor": "cisco", "version": "3.7s.4" }, { "model": "ios xe", "scope": "lt", "trust": 0.8, "vendor": "cisco", "version": "3.7.5s" }, { "model": "asr", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "1000" 
}, { "model": "ios xe", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "3.7s.4" }, { "model": "ios xe software 3.7s.4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asr series routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-02238" }, { "db": "BID", "id": "73470" }, { "db": "JVNDB", "id": "JVNDB-2015-002067" }, { "db": "NVD", "id": "CVE-2015-0685" }, { "db": "CNNVD", "id": "CNNVD-201504-037" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.7s.4", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-0685" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco", "sources": [ { "db": "BID", "id": "73470" } ], "trust": 0.3 }, "cve": "CVE-2015-0685", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-0685", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "id": "CNVD-2015-02238", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-78631", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-0685", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": 
"CNVD-2015-02238", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201504-037", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-78631", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2015-0685", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-02238" }, { "db": "VULHUB", "id": "VHN-78631" }, { "db": "VULMON", "id": "CVE-2015-0685" }, { "db": "JVNDB", "id": "JVNDB-2015-002067" }, { "db": "NVD", "id": "CVE-2015-0685" }, { "db": "CNNVD", "id": "CNNVD-201504-037" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. The Cisco ASR 1000 fails to properly handle routing neighbor advertisements. An unauthenticated attacker sends a malicious IP packet to the affected device, causing the device to stop responding. Cisco ASR 9000 Series Routers are prone to a remote denial-of-service vulnerability. \nThis issue is being tracked by Cisco Bug ID CSCub31873. Cisco IOS XE is an operating system developed by Cisco for its network equipment. There is a security vulnerability in versions earlier than Cisco IOS XE 3.7.5S. 
The vulnerability is caused by the fact that the program does not correctly handle the adjacency relationship of routers", "sources": [ { "db": "NVD", "id": "CVE-2015-0685" }, { "db": "JVNDB", "id": "JVNDB-2015-002067" }, { "db": "CNVD", "id": "CNVD-2015-02238" }, { "db": "BID", "id": "73470" }, { "db": "VULHUB", "id": "VHN-78631" }, { "db": "VULMON", "id": "CVE-2015-0685" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-0685", "trust": 3.5 }, { "db": "SECTRACK", "id": "1032004", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2015-002067", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201504-037", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2015-02238", "trust": 0.6 }, { "db": "BID", "id": "73470", "trust": 0.5 }, { "db": "VULHUB", "id": "VHN-78631", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-0685", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-02238" }, { "db": "VULHUB", "id": "VHN-78631" }, { "db": "VULMON", "id": "CVE-2015-0685" }, { "db": "BID", "id": "73470" }, { "db": "JVNDB", "id": "JVNDB-2015-002067" }, { "db": "NVD", "id": "CVE-2015-0685" }, { "db": "CNNVD", "id": "CNNVD-201504-037" } ] }, "id": "VAR-201504-0266", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2015-02238" }, { "db": "VULHUB", "id": "VHN-78631" } ], "trust": 1.3328331633333332 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network 
device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-02238" } ] }, "last_update_date": "2023-12-18T12:30:22.034000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "38124", "trust": 0.8, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38124" }, { "title": "Patch for Cisco ASR1000 Series Router Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/57016" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-02238" }, { "db": "JVNDB", "id": "JVNDB-2015-002067" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-78631" }, { "db": "JVNDB", "id": "JVNDB-2015-002067" }, { "db": "NVD", "id": "CVE-2015-0685" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38124" }, { "trust": 1.4, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0685" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1032004" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0685" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/73470" } ], "sources": [ { 
"db": "CNVD", "id": "CNVD-2015-02238" }, { "db": "VULHUB", "id": "VHN-78631" }, { "db": "VULMON", "id": "CVE-2015-0685" }, { "db": "BID", "id": "73470" }, { "db": "JVNDB", "id": "JVNDB-2015-002067" }, { "db": "NVD", "id": "CVE-2015-0685" }, { "db": "CNNVD", "id": "CNNVD-201504-037" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2015-02238" }, { "db": "VULHUB", "id": "VHN-78631" }, { "db": "VULMON", "id": "CVE-2015-0685" }, { "db": "BID", "id": "73470" }, { "db": "JVNDB", "id": "JVNDB-2015-002067" }, { "db": "NVD", "id": "CVE-2015-0685" }, { "db": "CNNVD", "id": "CNNVD-201504-037" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-09T00:00:00", "db": "CNVD", "id": "CNVD-2015-02238" }, { "date": "2015-04-03T00:00:00", "db": "VULHUB", "id": "VHN-78631" }, { "date": "2015-04-03T00:00:00", "db": "VULMON", "id": "CVE-2015-0685" }, { "date": "2015-03-31T00:00:00", "db": "BID", "id": "73470" }, { "date": "2015-04-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002067" }, { "date": "2015-04-03T02:00:24.317000", "db": "NVD", "id": "CVE-2015-0685" }, { "date": "2015-04-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201504-037" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-09T00:00:00", "db": "CNVD", "id": "CNVD-2015-02238" }, { "date": "2015-09-29T00:00:00", "db": "VULHUB", "id": "VHN-78631" }, { "date": "2015-09-29T00:00:00", "db": "VULMON", "id": "CVE-2015-0685" }, { "date": "2015-03-31T00:00:00", "db": "BID", "id": "73470" }, { "date": "2015-04-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002067" }, { "date": "2015-09-29T19:30:42.867000", "db": "NVD", "id": "CVE-2015-0685" }, { "date": "2015-04-10T00:00:00", "db": 
"CNNVD", "id": "CNNVD-201504-037" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201504-037" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ASR 1000 Runs on series devices Cisco IOS XE Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002067" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201504-037" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.