ID

VAR-201503-0118


CVE

CVE-2015-0638


TITLE

Cisco IOS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-001944

DESCRIPTION

Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145. Cisco IOS is a popular Internet operating system. Attackers can exploit this issue to cause the VRF interface on the device to enter a wedged state and stop processing packets, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCsi02145. The following releases are affected: Cisco IOS Release 12.2, Release 12.4, Release 15.0, Release 15.2, Release 15.3

Trust: 2.52

sources: NVD: CVE-2015-0638 // JVNDB: JVNDB-2015-001944 // CNVD: CNVD-2015-02083 // BID: 73338 // VULHUB: VHN-78584

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-02083

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)jb3

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.2\(1\)ex

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)jn2

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)ja1n

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.4\(25e\)jap1m

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)jax1

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)jab1

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)jn

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)jb4

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.0\(2\)ed1

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.2

Trust: 1.4

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)ire3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)jb1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.4\(25e\)jam1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)ja

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)jn1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)t3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(3\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)ja1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sxi4b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)t1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(44\)sq1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)ird1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)gc

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)jb2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.4\(25e\)jaz1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)jax

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)jb

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(2\)s2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)t4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.4

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:15.0

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:15.2

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:15.3

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:15.0-15.4

Trust: 0.6

vendor:ciscomodel:ios 15.2 t1scope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 15.3sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3jabscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3jascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3 jnbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3 jnscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3 jab1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3 ja1nscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3 s2scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2xascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2jbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2jaxscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2jascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2gcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2exscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2 xascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2 t3scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2 t2scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2 jb4scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2 jb1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2 jax1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2 ja1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2 gcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2 exscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0edscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0 ed1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4jazscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4japscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4jamscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4 jaz1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4 jap1mscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4 jam1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2sxiscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2sqscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2irescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2irdscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2 sq1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2 sxi4bscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2 ire3scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2 ird1scope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2015-02083 // BID: 73338 // JVNDB: JVNDB-2015-001944 // CNNVD: CNNVD-201503-567 // NVD: CVE-2015-0638

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0638
value: HIGH

Trust: 1.0

NVD: CVE-2015-0638
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-02083
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201503-567
value: HIGH

Trust: 0.6

VULHUB: VHN-78584
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-0638
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-02083
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-78584
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-02083 // VULHUB: VHN-78584 // JVNDB: JVNDB-2015-001944 // CNNVD: CNNVD-201503-567 // NVD: CVE-2015-0638

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-78584 // JVNDB: JVNDB-2015-001944 // NVD: CVE-2015-0638

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-567

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201503-567

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001944

PATCH

title:cisco-sa-20150325-wedgeurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge

Trust: 0.8

title:37814url:http://tools.cisco.com/security/center/viewAlert.x?alertId=37814

Trust: 0.8

title:Patch for Cisco IOS ICMPv4 Packet Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/56791

Trust: 0.6

sources: CNVD: CNVD-2015-02083 // JVNDB: JVNDB-2015-001944

EXTERNAL IDS

db:NVDid:CVE-2015-0638

Trust: 3.4

db:SECTRACKid:1031983

Trust: 1.1

db:JVNDBid:JVNDB-2015-001944

Trust: 0.8

db:CNNVDid:CNNVD-201503-567

Trust: 0.7

db:CNVDid:CNVD-2015-02083

Trust: 0.6

db:BIDid:73338

Trust: 0.4

db:VULHUBid:VHN-78584

Trust: 0.1

sources: CNVD: CNVD-2015-02083 // VULHUB: VHN-78584 // BID: 73338 // JVNDB: JVNDB-2015-001944 // CNNVD: CNNVD-201503-567 // NVD: CVE-2015-0638

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150325-wedge

Trust: 2.6

url:http://www.securitytracker.com/id/1031983

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0638

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0638

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=37814

Trust: 0.3

sources: CNVD: CNVD-2015-02083 // VULHUB: VHN-78584 // BID: 73338 // JVNDB: JVNDB-2015-001944 // CNNVD: CNNVD-201503-567 // NVD: CVE-2015-0638

CREDITS

Cisco

Trust: 0.3

sources: BID: 73338

SOURCES

db:CNVDid:CNVD-2015-02083
db:VULHUBid:VHN-78584
db:BIDid:73338
db:JVNDBid:JVNDB-2015-001944
db:CNNVDid:CNNVD-201503-567
db:NVDid:CVE-2015-0638

LAST UPDATE DATE

2025-04-13T23:21:18.284000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2015-02083date:2015-03-31T00:00:00
db:VULHUBid:VHN-78584date:2015-09-04T00:00:00
db:BIDid:73338date:2015-03-25T00:00:00
db:JVNDBid:JVNDB-2015-001944date:2015-03-30T00:00:00
db:CNNVDid:CNNVD-201503-567date:2015-03-27T00:00:00
db:NVDid:CVE-2015-0638date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:CNVDid:CNVD-2015-02083date:2015-03-31T00:00:00
db:VULHUBid:VHN-78584date:2015-03-26T00:00:00
db:BIDid:73338date:2015-03-25T00:00:00
db:JVNDBid:JVNDB-2015-001944date:2015-03-30T00:00:00
db:CNNVDid:CNNVD-201503-567date:2015-03-27T00:00:00
db:NVDid:CVE-2015-0638date:2015-03-26T10:59:04.443