VAR-201504-0290
Vulnerability from variot - Updated: 2023-12-18 12:20The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711. Vendors have confirmed this vulnerability Bug ID CSCut94711 It is released as.Malformed by a third party PM Service disruption via packets ( Reload services and stop call processing ) There is a possibility of being put into a state. The Cisco ASR 5000 Series is a 5000 series wireless controller product from Cisco. StarOS is a virtualized operating system that dynamically allocates resources for mobile services and networks running in the 5000 Series wireless controller products. Successful exploitation of the issue will cause the device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCut94711
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0290",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "staros",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "18.1.0.59776"
},
{
"model": "asr 5000 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 5500 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 5700 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr series software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500018.1.0.59776"
},
{
"model": "asr series software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500018.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02815"
},
{
"db": "BID",
"id": "74388"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002512"
},
{
"db": "NVD",
"id": "CVE-2015-0711"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-571"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:staros:18.1.0.59776:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_5700:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_5500:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_5000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0711"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "74388"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0711",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-0711",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-02815",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-78657",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0711",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-02815",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-571",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78657",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02815"
},
{
"db": "VULHUB",
"id": "VHN-78657"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002512"
},
{
"db": "NVD",
"id": "CVE-2015-0711"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-571"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711. Vendors have confirmed this vulnerability Bug ID CSCut94711 It is released as.Malformed by a third party PM Service disruption via packets ( Reload services and stop call processing ) There is a possibility of being put into a state. The Cisco ASR 5000 Series is a 5000 series wireless controller product from Cisco. StarOS is a virtualized operating system that dynamically allocates resources for mobile services and networks running in the 5000 Series wireless controller products. \nSuccessful exploitation of the issue will cause the device to reload, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCut94711",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0711"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002512"
},
{
"db": "CNVD",
"id": "CNVD-2015-02815"
},
{
"db": "BID",
"id": "74388"
},
{
"db": "VULHUB",
"id": "VHN-78657"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0711",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1032213",
"trust": 1.1
},
{
"db": "BID",
"id": "74388",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002512",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-571",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-02815",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-78657",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02815"
},
{
"db": "VULHUB",
"id": "VHN-78657"
},
{
"db": "BID",
"id": "74388"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002512"
},
{
"db": "NVD",
"id": "CVE-2015-0711"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-571"
}
]
},
"id": "VAR-201504-0290",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02815"
},
{
"db": "VULHUB",
"id": "VHN-78657"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02815"
}
]
},
"last_update_date": "2023-12-18T12:20:55.998000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "38557",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38557"
},
{
"title": "Cisco ASR 5000 Series StarOS Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/57892"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02815"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002512"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78657"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002512"
},
{
"db": "NVD",
"id": "CVE-2015-0711"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38557"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0711"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032213"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0711"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02815"
},
{
"db": "VULHUB",
"id": "VHN-78657"
},
{
"db": "BID",
"id": "74388"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002512"
},
{
"db": "NVD",
"id": "CVE-2015-0711"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-571"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-02815"
},
{
"db": "VULHUB",
"id": "VHN-78657"
},
{
"db": "BID",
"id": "74388"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002512"
},
{
"db": "NVD",
"id": "CVE-2015-0711"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-571"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02815"
},
{
"date": "2015-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-78657"
},
{
"date": "2015-04-28T00:00:00",
"db": "BID",
"id": "74388"
},
{
"date": "2015-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002512"
},
{
"date": "2015-04-29T01:59:03.183000",
"db": "NVD",
"id": "CVE-2015-0711"
},
{
"date": "2015-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-571"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02815"
},
{
"date": "2015-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-78657"
},
{
"date": "2015-04-28T00:00:00",
"db": "BID",
"id": "74388"
},
{
"date": "2015-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002512"
},
{
"date": "2015-09-10T16:07:19.700000",
"db": "NVD",
"id": "CVE-2015-0711"
},
{
"date": "2015-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-571"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-571"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ASR 5000 Series StarOS Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02815"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-571"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-571"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…