Details of VAR-201506-0161

ID

VAR-201506-0161

CVE

CVE-2015-0769

TITLE

Cisco CRS-3 Carrier Routing System for Cisco IOS XR Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-003073

DESCRIPTION

Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System allows remote attackers to cause a denial of service (NPU ASIC scan and line-card reload) via crafted IPv6 extension headers, aka Bug ID CSCtx03546. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This issue is being tracked by Cisco Bug ID CSCtx03546

Trust: 2.61

sources: NVD: CVE-2015-0769 // JVNDB: JVNDB-2015-003073 // CNVD: CNVD-2015-03854 // BID: 75155 // VULHUB: VHN-78715 // VULMON: CVE-2015-0769

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03854

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr software	scope:	eq	version:	4.2.0	Trust: 1.6
vendor:	cisco	model:	ios xr software	scope:	eq	version:	4.1.1	Trust: 1.6
vendor:	cisco	model:	ios xr software	scope:	eq	version:	4.1_base	Trust: 1.6
vendor:	cisco	model:	ios xr software	scope:	eq	version:	4.0.3	Trust: 1.6
vendor:	cisco	model:	ios xr software	scope:	eq	version:	4.1.2	Trust: 1.6
vendor:	cisco	model:	ios xr software	scope:	eq	version:	4.0.4	Trust: 1.6
vendor:	cisco	model:	ios xr software	scope:	eq	version:	4.0.2	Trust: 1.6
vendor:	cisco	model:	ios xr software	scope:	eq	version:	4.0.1	Trust: 1.6
vendor:	cisco	model:	ios xr software	scope:	eq	version:	4.1.0	Trust: 1.6
vendor:	cisco	model:	ios xr software	scope:	eq	version:	4.0.11	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.1 to 4.2.0	Trust: 0.8
vendor:	cisco	model:	ios xr	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.1.0	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.1	Trust: 0.3

sources: CNVD: CNVD-2015-03854 // BID: 75155 // JVNDB: JVNDB-2015-003073 // CNNVD: CNNVD-201506-238 // NVD: CVE-2015-0769

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0769
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0769
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-03854
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201506-238
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78715
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-0769
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0769
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-03854
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78715
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03854 // VULHUB: VHN-78715 // VULMON: CVE-2015-0769 // JVNDB: JVNDB-2015-003073 // CNNVD: CNNVD-201506-238 // NVD: CVE-2015-0769

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-78715 // JVNDB: JVNDB-2015-003073 // NVD: CVE-2015-0769

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-238

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201506-238

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003073

PATCH

title:	cisco-sa-20150611-iosxr	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150611-iosxr	Trust: 0.8
title:	39271	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39271	Trust: 0.8
title:	cisco-sa-20150611-iosxr	url:	http://www.cisco.com/cisco/web/support/JP/112/1129/1129444_cisco-sa-20150611-iosxr-j.html	Trust: 0.8
title:	Patch for Cisco IOS XR Software Denial of Service Vulnerability (CNVD-2015-03854)	url:	https://www.cnvd.org.cn/patchInfo/show/59735	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2015/06/15/cisco_ipv6_ios_xr_patch/	Trust: 0.2
title:	Cisco: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20150611-CVE-2015-0769	Trust: 0.1
title:	Cisco: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20150611-iosxr	Trust: 0.1

sources: CNVD: CNVD-2015-03854 // VULMON: CVE-2015-0769 // JVNDB: JVNDB-2015-003073

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0769	Trust: 3.5
db:	SECTRACK	id:	1032563	Trust: 1.2
db:	BID	id:	75155	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003073	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-238	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03854	Trust: 0.6
db:	VULHUB	id:	VHN-78715	Trust: 0.1
db:	VULMON	id:	CVE-2015-0769	Trust: 0.1

sources: CNVD: CNVD-2015-03854 // VULHUB: VHN-78715 // VULMON: CVE-2015-0769 // BID: 75155 // JVNDB: JVNDB-2015-003073 // CNNVD: CNNVD-201506-238 // NVD: CVE-2015-0769

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150611-iosxr	Trust: 2.7
url:	http://www.securitytracker.com/id/1032563	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0769	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0769	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps5845/index.html	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39271	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/399.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/75155	Trust: 0.1
url:	https://www.theregister.co.uk/2015/06/15/cisco_ipv6_ios_xr_patch/	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150611-cve-2015-0769	Trust: 0.1

sources: CNVD: CNVD-2015-03854 // VULHUB: VHN-78715 // VULMON: CVE-2015-0769 // BID: 75155 // JVNDB: JVNDB-2015-003073 // CNNVD: CNNVD-201506-238 // NVD: CVE-2015-0769

CREDITS

Cisco

Trust: 0.3

sources: BID: 75155

SOURCES

db:	CNVD	id:	CNVD-2015-03854
db:	VULHUB	id:	VHN-78715
db:	VULMON	id:	CVE-2015-0769
db:	BID	id:	75155
db:	JVNDB	id:	JVNDB-2015-003073
db:	CNNVD	id:	CNNVD-201506-238
db:	NVD	id:	CVE-2015-0769

LAST UPDATE DATE

2025-04-13T23:21:17.116000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03854	date:	2015-06-19T00:00:00
db:	VULHUB	id:	VHN-78715	date:	2017-01-04T00:00:00
db:	VULMON	id:	CVE-2015-0769	date:	2017-01-04T00:00:00
db:	BID	id:	75155	date:	2015-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2015-003073	date:	2015-06-16T00:00:00
db:	CNNVD	id:	CNNVD-201506-238	date:	2015-06-18T00:00:00
db:	NVD	id:	CVE-2015-0769	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03854	date:	2015-06-19T00:00:00
db:	VULHUB	id:	VHN-78715	date:	2015-06-12T00:00:00
db:	VULMON	id:	CVE-2015-0769	date:	2015-06-12T00:00:00
db:	BID	id:	75155	date:	2015-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2015-003073	date:	2015-06-16T00:00:00
db:	CNNVD	id:	CNNVD-201506-238	date:	2015-06-15T00:00:00
db:	NVD	id:	CVE-2015-0769	date:	2015-06-12T14:59:01.113