VAR-201510-0028
Vulnerability from variot - Updated: 2024-02-13 22:34Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781. A remote attacker exploiting this vulnerability could result in a denial of service. An attacker can exploit this issue to cause the BGP process to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuw65781. The vulnerability is caused by the program not properly validating BGP packet headers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0028",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asr 5000 software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "19.1.0.61559"
},
{
"model": "asr 5000 software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "19.2.0"
},
{
"model": "asr 5000 series software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "19.1.0.61559"
},
{
"model": "asr 5000 series software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "19.2.0"
},
{
"model": "asr system software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "550019.1.0.61559"
},
{
"model": "asr system software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "550019.2.0"
},
{
"model": "asr system architecture evolution gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "550019.2.0"
},
{
"model": "asr system architecture evolution gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "550019.1.0.61559"
},
{
"model": "asr series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07232"
},
{
"db": "BID",
"id": "77355"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005688"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-785"
},
{
"db": "NVD",
"id": "CVE-2015-6351"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:19.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:19.1.0.61559:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6351"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "77355"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6351",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-6351",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07232",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-84312",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6351",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-07232",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-785",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84312",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-6351",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07232"
},
{
"db": "VULHUB",
"id": "VHN-84312"
},
{
"db": "VULMON",
"id": "CVE-2015-6351"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005688"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-785"
},
{
"db": "NVD",
"id": "CVE-2015-6351"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781. A remote attacker exploiting this vulnerability could result in a denial of service. \nAn attacker can exploit this issue to cause the BGP process to reload, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCuw65781. The vulnerability is caused by the program not properly validating BGP packet headers",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6351"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005688"
},
{
"db": "CNVD",
"id": "CNVD-2015-07232"
},
{
"db": "BID",
"id": "77355"
},
{
"db": "VULHUB",
"id": "VHN-84312"
},
{
"db": "VULMON",
"id": "CVE-2015-6351"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6351",
"trust": 3.5
},
{
"db": "SECTRACK",
"id": "1034024",
"trust": 1.2
},
{
"db": "BID",
"id": "77355",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005688",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201510-785",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07232",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-84312",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-6351",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07232"
},
{
"db": "VULHUB",
"id": "VHN-84312"
},
{
"db": "VULMON",
"id": "CVE-2015-6351"
},
{
"db": "BID",
"id": "77355"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005688"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-785"
},
{
"db": "NVD",
"id": "CVE-2015-6351"
}
]
},
"id": "VAR-201510-0028",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07232"
},
{
"db": "VULHUB",
"id": "VHN-84312"
}
],
"trust": 1.4134865099999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07232"
}
]
},
"last_update_date": "2024-02-13T22:34:42.632000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20151028-asr",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151028-asr"
},
{
"title": "Patch for Cisco ASR 5500 SAE Gateway Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/66242"
},
{
"title": "Cisco ASR 5500 System Architecture Evolution Gateway Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58516"
},
{
"title": "Cisco: Cisco ASR 5500 SAE Gateway BGP Denial of Service Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151028-asr"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07232"
},
{
"db": "VULMON",
"id": "CVE-2015-6351"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005688"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-785"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84312"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005688"
},
{
"db": "NVD",
"id": "CVE-2015-6351"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151028-asr"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1034024"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6351"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6351"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07232"
},
{
"db": "VULHUB",
"id": "VHN-84312"
},
{
"db": "VULMON",
"id": "CVE-2015-6351"
},
{
"db": "BID",
"id": "77355"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005688"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-785"
},
{
"db": "NVD",
"id": "CVE-2015-6351"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-07232"
},
{
"db": "VULHUB",
"id": "VHN-84312"
},
{
"db": "VULMON",
"id": "CVE-2015-6351"
},
{
"db": "BID",
"id": "77355"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005688"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-785"
},
{
"db": "NVD",
"id": "CVE-2015-6351"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07232"
},
{
"date": "2015-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-84312"
},
{
"date": "2015-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6351"
},
{
"date": "2015-10-29T00:00:00",
"db": "BID",
"id": "77355"
},
{
"date": "2015-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005688"
},
{
"date": "2015-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-785"
},
{
"date": "2015-10-30T10:59:09.527000",
"db": "NVD",
"id": "CVE-2015-6351"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07232"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-84312"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6351"
},
{
"date": "2015-10-29T00:00:00",
"db": "BID",
"id": "77355"
},
{
"date": "2015-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005688"
},
{
"date": "2015-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-785"
},
{
"date": "2016-12-07T18:19:42.487000",
"db": "NVD",
"id": "CVE-2015-6351"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-785"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ASR 5500 System Architecture Evolution Gateway Service disruption in device software (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005688"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-785"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…