var-201504-0274
Vulnerability from variot
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806. Vendors have confirmed this vulnerability Bug ID CSCur28806 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy using an address that was not permitted by a third party, access to network resources may be circumvented. The Cisco ASR 9000 Series is an integrated services router solution from Cisco that uses the IOS XR Software module operating system to provide carrier-class reliability. A security vulnerability exists in the Object-ACL matching process of Cisco Aggregation Services Router 9000 (ASR9K), which is exploited by unauthenticated remote attackers to bypass security restrictions by configuring ACLs. Cisco ASR 9000 Series Routers are prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. The vulnerability is caused by the program not correctly recognizing certain ACL entries
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0274",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios xr",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.3.0_base"
},
{
"model": "asr 9001",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9006",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9904",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9922",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9912",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9010",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9001 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9006 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9010 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9904 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9912 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 9922 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios xr",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "5.3.0.base"
},
{
"model": "asr 5.3.0.base",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9000"
},
{
"model": "asr series aggregation services routers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90005.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02383"
},
{
"db": "BID",
"id": "74029"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002213"
},
{
"db": "NVD",
"id": "CVE-2015-0694"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-189"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:5.3.0_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0694"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "74029"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0694",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-0694",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-02383",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-78640",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0694",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-02383",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-189",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78640",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02383"
},
{
"db": "VULHUB",
"id": "VHN-78640"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002213"
},
{
"db": "NVD",
"id": "CVE-2015-0694"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-189"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806. Vendors have confirmed this vulnerability Bug ID CSCur28806 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy using an address that was not permitted by a third party, access to network resources may be circumvented. The Cisco ASR 9000 Series is an integrated services router solution from Cisco that uses the IOS XR Software module operating system to provide carrier-class reliability. A security vulnerability exists in the Object-ACL matching process of Cisco Aggregation Services Router 9000 (ASR9K), which is exploited by unauthenticated remote attackers to bypass security restrictions by configuring ACLs. Cisco ASR 9000 Series Routers are prone to a remote security-bypass vulnerability. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. The vulnerability is caused by the program not correctly recognizing certain ACL entries",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0694"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002213"
},
{
"db": "CNVD",
"id": "CNVD-2015-02383"
},
{
"db": "BID",
"id": "74029"
},
{
"db": "VULHUB",
"id": "VHN-78640"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0694",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1032059",
"trust": 1.1
},
{
"db": "BID",
"id": "74029",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002213",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-189",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-02383",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-78640",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02383"
},
{
"db": "VULHUB",
"id": "VHN-78640"
},
{
"db": "BID",
"id": "74029"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002213"
},
{
"db": "NVD",
"id": "CVE-2015-0694"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-189"
}
]
},
"id": "VAR-201504-0274",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02383"
},
{
"db": "VULHUB",
"id": "VHN-78640"
}
],
"trust": 1.4458730149999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02383"
}
]
},
"last_update_date": "2023-12-18T13:53:18.560000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "38292",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38292"
},
{
"title": "Cisco ASR ASR9K Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/57246"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02383"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002213"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78640"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002213"
},
{
"db": "NVD",
"id": "CVE-2015-0694"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38292"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0694"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032059"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0694"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02383"
},
{
"db": "VULHUB",
"id": "VHN-78640"
},
{
"db": "BID",
"id": "74029"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002213"
},
{
"db": "NVD",
"id": "CVE-2015-0694"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-189"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-02383"
},
{
"db": "VULHUB",
"id": "VHN-78640"
},
{
"db": "BID",
"id": "74029"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002213"
},
{
"db": "NVD",
"id": "CVE-2015-0694"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-189"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02383"
},
{
"date": "2015-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-78640"
},
{
"date": "2015-04-10T00:00:00",
"db": "BID",
"id": "74029"
},
{
"date": "2015-04-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002213"
},
{
"date": "2015-04-11T01:59:03.803000",
"db": "NVD",
"id": "CVE-2015-0694"
},
{
"date": "2015-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-189"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02383"
},
{
"date": "2015-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-78640"
},
{
"date": "2015-04-10T00:00:00",
"db": "BID",
"id": "74029"
},
{
"date": "2015-04-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002213"
},
{
"date": "2015-09-29T19:27:29.840000",
"db": "NVD",
"id": "CVE-2015-0694"
},
{
"date": "2015-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-189"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-189"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ASR 9000 Vulnerability in device software that prevents access to network resources",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002213"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "74029"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.