Sign-up

ID

VAR-201502-0145


CVE

CVE-2015-0617


TITLE

Cisco ASR 5500 System Architecture Evolution Gateway Service disruption on devices (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-001545

DESCRIPTION

Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices allow remote attackers to cause a denial of service (CPU consumption and SNMP outage) via malformed SNMP packets, aka Bug ID CSCur13393. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). A denial of service vulnerability exists in the Cisco ASR 5000 Series Software. The SNMP code of the gateway fails to properly verify SNMP packets, allowing an attacker to exploit this vulnerability to send a specially crafted SNMP message to crash the SNMP process. Successful exploitation of the issue will cause excessive CPU consumption, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCur13393

Trust: 2.52

sources: NVD: CVE-2015-0617 // JVNDB: JVNDB-2015-001545 // CNVD: CNVD-2015-01221 // BID: 72608 // VULHUB: VHN-78563

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-01221

AFFECTED PRODUCTS

vendor:ciscomodel:asr 5000 series softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:asr 5000 series softwarescope:lteversion:17.0

Trust: 0.8

vendor:ciscomodel:asr series softwarescope:eqversion:5000

Trust: 0.6

vendor:ciscomodel:asr series softwarescope:eqversion:50000

Trust: 0.3

sources: CNVD: CNVD-2015-01221 // BID: 72608 // JVNDB: JVNDB-2015-001545 // CNNVD: CNNVD-201502-425 // NVD: CVE-2015-0617

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0617
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0617
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-01221
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201502-425
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78563
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0617
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-01221
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-78563
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-01221 // VULHUB: VHN-78563 // JVNDB: JVNDB-2015-001545 // CNNVD: CNNVD-201502-425 // NVD: CVE-2015-0617

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-78563 // JVNDB: JVNDB-2015-001545 // NVD: CVE-2015-0617

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-425

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201502-425

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001545

PATCH
title:Cisco ASR 5000 System Architecture Evolution Gateway High CPU Utilization Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0617
Trust: 0.8
title:37490url:http://tools.cisco.com/security/center/viewAlert.x?alertId=37490
Trust: 0.8
title:Patch for Cisco ASR 5000 Series Software Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/55511
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-01221 // 
            
            
            
            JVNDB: JVNDB-2015-001545

EXTERNAL IDS
db:NVDid:CVE-2015-0617
Trust: 3.4
db:SECTRACKid:1031754
Trust: 1.7
db:BIDid:72608
Trust: 1.0
db:JVNDBid:JVNDB-2015-001545
Trust: 0.8
db:CNNVDid:CNNVD-201502-425
Trust: 0.7
db:CNVDid:CNVD-2015-01221
Trust: 0.6
db:XFid:100923
Trust: 0.6
db:VULHUBid:VHN-78563
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-01221 // 
            
            
            
            VULHUB: VHN-78563 // 
            
            
            
            BID: 72608 // 
            
            
            
            JVNDB: JVNDB-2015-001545 // 
            
            
            
            CNNVD: CNNVD-201502-425 // 
            
            
            
            NVD: CVE-2015-0617

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0617
Trust: 2.6
url:http://www.securitytracker.com/id/1031754
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100923
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0617
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0617
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/100923
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-01221 // 
            
            
            
            VULHUB: VHN-78563 // 
            
            
            
            BID: 72608 // 
            
            
            
            JVNDB: JVNDB-2015-001545 // 
            
            
            
            CNNVD: CNNVD-201502-425 // 
            
            
            
            NVD: CVE-2015-0617

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 72608

SOURCES
db:CNVDid:CNVD-2015-01221
db:VULHUBid:VHN-78563
db:BIDid:72608
db:JVNDBid:JVNDB-2015-001545
db:CNNVDid:CNNVD-201502-425
db:NVDid:CVE-2015-0617

LAST UPDATE DATE
2025-04-12T23:31:28.124000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-01221date:2015-02-27T00:00:00
db:VULHUBid:VHN-78563date:2017-09-08T00:00:00
db:BIDid:72608date:2015-02-16T00:00:00
db:JVNDBid:JVNDB-2015-001545date:2015-02-23T00:00:00
db:CNNVDid:CNNVD-201502-425date:2015-02-26T00:00:00
db:NVDid:CVE-2015-0617date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-01221date:2015-02-27T00:00:00
db:VULHUBid:VHN-78563date:2015-02-18T00:00:00
db:BIDid:72608date:2015-02-16T00:00:00
db:JVNDBid:JVNDB-2015-001545date:2015-02-23T00:00:00
db:CNNVDid:CNNVD-201502-425date:2015-02-26T00:00:00
db:NVDid:CVE-2015-0617date:2015-02-18T02:59:02.470