Details of VAR-201506-0257

ID

VAR-201506-0257

CVE

CVE-2015-4200

TITLE

Cisco uBR10000 Runs on the device PRE Module Cisco IOS of IPv6-to-IPv4 Service disruption in functionality (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-003245

DESCRIPTION

Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation, aka Bug ID CSCug00885. Cisco IOS on uBR10000 devices is a set of operating systems running on the uBR10000 series routers from Cisco. Cisco IOS Software is prone to denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCug00885. The vulnerability is caused by not releasing the memory used to store the IPv6 address of the CPE device when a specific error is generated in the program

Trust: 2.52

sources: NVD: CVE-2015-4200 // JVNDB: JVNDB-2015-003245 // CNVD: CNVD-2015-04119 // BID: 75254 // VULHUB: VHN-82161

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-04119

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.3s	Trust: 2.4
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)s	Trust: 1.6
vendor:	cisco	model:	ios 15.3s	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios	scope:	eq	version:	15.3(3)s	Trust: 0.8
vendor:	cisco	model:	ubr10000 for router cable modem termination system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios 15.3 s	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2015-04119 // BID: 75254 // JVNDB: JVNDB-2015-003245 // CNNVD: CNNVD-201506-401 // NVD: CVE-2015-4200

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4200
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-4200
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-04119
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201506-401
value:	HIGH
Trust: 0.6
VULHUB:	VHN-82161
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-4200
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-04119
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82161
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-04119 // VULHUB: VHN-82161 // JVNDB: JVNDB-2015-003245 // CNNVD: CNNVD-201506-401 // NVD: CVE-2015-4200

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-82161 // JVNDB: JVNDB-2015-003245 // NVD: CVE-2015-4200

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-401

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201506-401

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003245

PATCH

title:	39424	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39424	Trust: 0.8
title:	Patch for Cisco uBR10000 IOS Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/60188	Trust: 0.6

sources: CNVD: CNVD-2015-04119 // JVNDB: JVNDB-2015-003245

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4200	Trust: 3.4
db:	BID	id:	75254	Trust: 1.4
db:	SECTRACK	id:	1032692	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003245	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-401	Trust: 0.7
db:	CNVD	id:	CNVD-2015-04119	Trust: 0.6
db:	VULHUB	id:	VHN-82161	Trust: 0.1

sources: CNVD: CNVD-2015-04119 // VULHUB: VHN-82161 // BID: 75254 // JVNDB: JVNDB-2015-003245 // CNNVD: CNNVD-201506-401 // NVD: CVE-2015-4200

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39424	Trust: 2.6
url:	http://www.securityfocus.com/bid/75254	Trust: 1.1
url:	http://www.securitytracker.com/id/1032692	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4200	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4200	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3

sources: CNVD: CNVD-2015-04119 // VULHUB: VHN-82161 // BID: 75254 // JVNDB: JVNDB-2015-003245 // CNNVD: CNNVD-201506-401 // NVD: CVE-2015-4200

CREDITS

Cisco

Trust: 0.3

sources: BID: 75254

SOURCES

db:	CNVD	id:	CNVD-2015-04119
db:	VULHUB	id:	VHN-82161
db:	BID	id:	75254
db:	JVNDB	id:	JVNDB-2015-003245
db:	CNNVD	id:	CNNVD-201506-401
db:	NVD	id:	CVE-2015-4200

LAST UPDATE DATE

2025-04-13T23:14:32.370000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-04119	date:	2015-06-30T00:00:00
db:	VULHUB	id:	VHN-82161	date:	2016-12-28T00:00:00
db:	BID	id:	75254	date:	2015-06-22T00:00:00
db:	JVNDB	id:	JVNDB-2015-003245	date:	2015-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201506-401	date:	2015-06-26T00:00:00
db:	NVD	id:	CVE-2015-4200	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-04119	date:	2015-06-30T00:00:00
db:	VULHUB	id:	VHN-82161	date:	2015-06-23T00:00:00
db:	BID	id:	75254	date:	2015-06-22T00:00:00
db:	JVNDB	id:	JVNDB-2015-003245	date:	2015-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201506-401	date:	2015-06-24T00:00:00
db:	NVD	id:	CVE-2015-4200	date:	2015-06-23T12:59:00.100