Details of VAR-201502-0122

ID

VAR-201502-0122

CVE

CVE-2015-0592

TITLE

Cisco IOS of Zone-Based Firewall Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-001486

DESCRIPTION

The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672. Cisco IOS Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to reload the device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuh25672. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

Trust: 1.98

sources: NVD: CVE-2015-0592 // JVNDB: JVNDB-2015-001486 // BID: 72346 // VULHUB: VHN-78538

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)t	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)t2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)t1	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4t	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)t3	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)t1	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)t4	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)t2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)t	Trust: 1.6
vendor:	cisco	model:	ios	scope:	lte	version:	15.4\(2\)t3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	lte	version:	15.4(2)t3	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)t3	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3

sources: BID: 72346 // JVNDB: JVNDB-2015-001486 // CNNVD: CNNVD-201502-266 // NVD: CVE-2015-0592

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0592
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0592
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201502-266
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78538
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0592
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78538
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78538 // JVNDB: JVNDB-2015-001486 // CNNVD: CNNVD-201502-266 // NVD: CVE-2015-0592

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-78538 // JVNDB: JVNDB-2015-001486 // NVD: CVE-2015-0592

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-266

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201502-266

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001486

PATCH

title:	Cisco IOS Software Kernel Timer Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0592	Trust: 0.8
title:	37416	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37416	Trust: 0.8

sources: JVNDB: JVNDB-2015-001486

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0592	Trust: 2.8
db:	SECTRACK	id:	1031713	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-001486	Trust: 0.8
db:	CNNVD	id:	CNNVD-201502-266	Trust: 0.7
db:	BID	id:	72346	Trust: 0.4
db:	VULHUB	id:	VHN-78538	Trust: 0.1

sources: VULHUB: VHN-78538 // BID: 72346 // JVNDB: JVNDB-2015-001486 // CNNVD: CNNVD-201502-266 // NVD: CVE-2015-0592

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0592	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37416	Trust: 1.7
url:	http://www.securitytracker.com/id/1031713	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/100758	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0592	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0592	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-78538 // BID: 72346 // JVNDB: JVNDB-2015-001486 // CNNVD: CNNVD-201502-266 // NVD: CVE-2015-0592

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 72346

SOURCES

db:	VULHUB	id:	VHN-78538
db:	BID	id:	72346
db:	JVNDB	id:	JVNDB-2015-001486
db:	CNNVD	id:	CNNVD-201502-266
db:	NVD	id:	CVE-2015-0592

LAST UPDATE DATE

2025-04-13T23:39:39.435000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78538	date:	2017-09-08T00:00:00
db:	BID	id:	72346	date:	2015-01-28T00:00:00
db:	JVNDB	id:	JVNDB-2015-001486	date:	2015-02-17T00:00:00
db:	CNNVD	id:	CNNVD-201502-266	date:	2015-02-12T00:00:00
db:	NVD	id:	CVE-2015-0592	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78538	date:	2015-02-12T00:00:00
db:	BID	id:	72346	date:	2015-01-28T00:00:00
db:	JVNDB	id:	JVNDB-2015-001486	date:	2015-02-17T00:00:00
db:	CNNVD	id:	CNNVD-201502-266	date:	2015-02-12T00:00:00
db:	NVD	id:	CVE-2015-0592	date:	2015-02-12T01:59:22.717