Details of VAR-201503-0163

ID

VAR-201503-0163

CVE

CVE-2015-0659

TITLE

Cisco IOS of Autonomic Networking Infrastructure Vulnerabilities triggered by self-reference adjacency in implementations

Trust: 0.8

sources: JVNDB: JVNDB-2015-001669

DESCRIPTION

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157. Cisco IOS is an operating system developed by Cisco Systems for its network devices. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCup62157

Trust: 2.61

sources: NVD: CVE-2015-0659 // JVNDB: JVNDB-2015-001669 // CNVD: CNVD-2015-01498 // BID: 72966 // VULHUB: VHN-78605 // VULMON: CVE-2015-0659

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-01498

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2015-01498 // BID: 72966 // JVNDB: JVNDB-2015-001669 // CNNVD: CNNVD-201503-118 // NVD: CVE-2015-0659

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0659
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0659
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-01498
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201503-118
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78605
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-0659
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0659
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-01498
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78605
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-01498 // VULHUB: VHN-78605 // VULMON: CVE-2015-0659 // JVNDB: JVNDB-2015-001669 // CNNVD: CNNVD-201503-118 // NVD: CVE-2015-0659

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-0659

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-118

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 72966

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001669

PATCH

title:	Cisco IOS Autonomic Networking Infrastructure Self-Referential Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0659	Trust: 0.8
title:	Patches for unexplained vulnerabilities in the Cisco IOS Autonomic Networking Infrastructure feature	url:	https://www.cnvd.org.cn/patchInfo/show/55938	Trust: 0.6

sources: CNVD: CNVD-2015-01498 // JVNDB: JVNDB-2015-001669

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0659	Trust: 3.5
db:	SECTRACK	id:	1031845	Trust: 1.2
db:	BID	id:	72966	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-001669	Trust: 0.8
db:	CNNVD	id:	CNNVD-201503-118	Trust: 0.7
db:	CNVD	id:	CNVD-2015-01498	Trust: 0.6
db:	VULHUB	id:	VHN-78605	Trust: 0.1
db:	VULMON	id:	CVE-2015-0659	Trust: 0.1

sources: CNVD: CNVD-2015-01498 // VULHUB: VHN-78605 // VULMON: CVE-2015-0659 // BID: 72966 // JVNDB: JVNDB-2015-001669 // CNNVD: CNNVD-201503-118 // NVD: CVE-2015-0659

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0659	Trust: 2.7
url:	http://www.securitytracker.com/id/1031845	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0659	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0659	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/public/sw-center/sw-ios.shtml	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2015-01498 // VULHUB: VHN-78605 // VULMON: CVE-2015-0659 // BID: 72966 // JVNDB: JVNDB-2015-001669 // CNNVD: CNNVD-201503-118 // NVD: CVE-2015-0659

CREDITS

Cisco

Trust: 0.3

sources: BID: 72966

SOURCES

db:	CNVD	id:	CNVD-2015-01498
db:	VULHUB	id:	VHN-78605
db:	VULMON	id:	CVE-2015-0659
db:	BID	id:	72966
db:	JVNDB	id:	JVNDB-2015-001669
db:	CNNVD	id:	CNNVD-201503-118
db:	NVD	id:	CVE-2015-0659

LAST UPDATE DATE

2025-04-13T23:18:11.381000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-01498	date:	2015-03-09T00:00:00
db:	VULHUB	id:	VHN-78605	date:	2015-11-02T00:00:00
db:	VULMON	id:	CVE-2015-0659	date:	2015-11-02T00:00:00
db:	BID	id:	72966	date:	2015-03-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-001669	date:	2015-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201503-118	date:	2015-03-06T00:00:00
db:	NVD	id:	CVE-2015-0659	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-01498	date:	2015-03-09T00:00:00
db:	VULHUB	id:	VHN-78605	date:	2015-03-06T00:00:00
db:	VULMON	id:	CVE-2015-0659	date:	2015-03-06T00:00:00
db:	BID	id:	72966	date:	2015-03-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-001669	date:	2015-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201503-118	date:	2015-03-06T00:00:00
db:	NVD	id:	CVE-2015-0659	date:	2015-03-06T03:00:15.237