Details of VAR-201506-0256

ID

VAR-201506-0256

CVE

CVE-2015-4199

TITLE

Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Race Condition Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-04190 // CNNVD: CNNVD-201506-581

DESCRIPTION

Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent connectivity with many IPv6 CPE devices, aka Bug ID CSCug47366. (NULL Pointer release and module crash ) There are vulnerabilities that are put into a state. Cisco IOS on uBR devices is a set of operating systems running on uBR routers from Cisco. A remote attacker can exploit the vulnerability by submitting specially crafted content to the target device (the null pointer is released and the PRE module crashes). This issue is being tracked by Cisco Bug ID CSCug47366

Trust: 2.52

sources: NVD: CVE-2015-4199 // JVNDB: JVNDB-2015-003290 // CNVD: CNVD-2015-04190 // BID: 75335 // VULHUB: VHN-82160

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-04190

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.3s	Trust: 2.4
vendor:	cisco	model:	ios 15.3s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2015-04190 // JVNDB: JVNDB-2015-003290 // CNNVD: CNNVD-201506-581 // NVD: CVE-2015-4199

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4199
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-4199
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-04190
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201506-581
value:	HIGH
Trust: 0.6
VULHUB:	VHN-82160
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-4199
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-04190
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82160
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-04190 // VULHUB: VHN-82160 // JVNDB: JVNDB-2015-003290 // CNNVD: CNNVD-201506-581 // NVD: CVE-2015-4199

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.9

sources: VULHUB: VHN-82160 // JVNDB: JVNDB-2015-003290 // NVD: CVE-2015-4199

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-581

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201506-581

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003290

PATCH

title:	39423	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39423	Trust: 0.8
title:	Patch for Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Race Condition Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/60309	Trust: 0.6

sources: CNVD: CNVD-2015-04190 // JVNDB: JVNDB-2015-003290

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4199	Trust: 3.4
db:	BID	id:	75335	Trust: 2.0
db:	SECTRACK	id:	1032692	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003290	Trust: 0.8
db:	CNVD	id:	CNVD-2015-04190	Trust: 0.6
db:	CNNVD	id:	CNNVD-201506-581	Trust: 0.6
db:	VULHUB	id:	VHN-82160	Trust: 0.1

sources: CNVD: CNVD-2015-04190 // VULHUB: VHN-82160 // BID: 75335 // JVNDB: JVNDB-2015-003290 // CNNVD: CNNVD-201506-581 // NVD: CVE-2015-4199

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39423	Trust: 2.3
url:	http://www.securityfocus.com/bid/75335	Trust: 1.1
url:	http://www.securitytracker.com/id/1032692	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4199	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4199	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3

sources: CNVD: CNVD-2015-04190 // VULHUB: VHN-82160 // BID: 75335 // JVNDB: JVNDB-2015-003290 // CNNVD: CNNVD-201506-581 // NVD: CVE-2015-4199

CREDITS

Cisco

Trust: 0.3

sources: BID: 75335

SOURCES

db:	CNVD	id:	CNVD-2015-04190
db:	VULHUB	id:	VHN-82160
db:	BID	id:	75335
db:	JVNDB	id:	JVNDB-2015-003290
db:	CNNVD	id:	CNNVD-201506-581
db:	NVD	id:	CVE-2015-4199

LAST UPDATE DATE

2025-04-13T23:14:32.404000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-04190	date:	2015-07-03T00:00:00
db:	VULHUB	id:	VHN-82160	date:	2016-12-28T00:00:00
db:	BID	id:	75335	date:	2015-07-15T00:39:00
db:	JVNDB	id:	JVNDB-2015-003290	date:	2015-06-30T00:00:00
db:	CNNVD	id:	CNNVD-201506-581	date:	2015-06-29T00:00:00
db:	NVD	id:	CVE-2015-4199	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-04190	date:	2015-07-03T00:00:00
db:	VULHUB	id:	VHN-82160	date:	2015-06-27T00:00:00
db:	BID	id:	75335	date:	2015-06-22T00:00:00
db:	JVNDB	id:	JVNDB-2015-003290	date:	2015-06-30T00:00:00
db:	CNNVD	id:	CNNVD-201506-581	date:	2015-06-29T00:00:00
db:	NVD	id:	CVE-2015-4199	date:	2015-06-27T10:59:00.143