Sign-up

ID

VAR-201506-0291


CVE

CVE-2015-4202


TITLE

Cisco uBR10000 Important in cable modem termination systems for routers MAC Vulnerability to obtain information about address and network usage

Trust: 0.8

sources: JVNDB: JVNDB-2015-003228

DESCRIPTION

Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203. Vendors have confirmed this vulnerability Bug ID CSCua39203 It is released as.Skillfully crafted by a third party IPDR Important through the packet MAC Information about address and network usage may be obtained. The Cisco uBR 10000 Series is a router device from Cisco. Cisco uBR10000 Series Universal Broadband Routers are prone to information disclosure vulnerability. A remote attacker may exploit this issue to gain potentially sensitive information. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCua39203. Cisco IOS on uBR10000 router Cable Modem Termination Systems (CMTS) is a set of operating system running on uBR10000 CMTS (Cable Modem Termination System) router of Cisco (Cisco)

Trust: 2.52

sources: NVD: CVE-2015-4202 // JVNDB: JVNDB-2015-003228 // CNVD: CNVD-2015-03987 // BID: 75321 // VULHUB: VHN-82163

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-03987

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:12.2sch

Trust: 2.4

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sch

Trust: 1.6

vendor:ciscomodel:ios 12.2schscope: - version: -

Trust: 0.9

vendor:ciscomodel:iosscope:eqversion:12.2(33)sch

Trust: 0.8

vendor:ciscomodel:ubr10000 for router cable modem termination systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:ubr10000 router cable modem termination systemsscope: - version: -

Trust: 0.6

vendor:ciscomodel:ubr10000scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2 schscope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2015-03987 // BID: 75321 // JVNDB: JVNDB-2015-003228 // CNNVD: CNNVD-201506-350 // NVD: CVE-2015-4202

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4202
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4202
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-03987
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-350
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82163
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4202
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-03987
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-82163
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-03987 // VULHUB: VHN-82163 // JVNDB: JVNDB-2015-003228 // CNNVD: CNNVD-201506-350 // NVD: CVE-2015-4202

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-82163 // JVNDB: JVNDB-2015-003228 // NVD: CVE-2015-4202

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-350

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201506-350

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003228

PATCH
title:39432url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39432
Trust: 0.8
title:Patch for Cisco uBR10000 Series Universal Broadband Routers Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/59983
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-03987 // 
            
            
            
            JVNDB: JVNDB-2015-003228

EXTERNAL IDS
db:NVDid:CVE-2015-4202
Trust: 3.4
db:BIDid:75321
Trust: 2.0
db:SECTRACKid:1032678
Trust: 1.1
db:JVNDBid:JVNDB-2015-003228
Trust: 0.8
db:CNNVDid:CNNVD-201506-350
Trust: 0.7
db:CNVDid:CNVD-2015-03987
Trust: 0.6
db:VULHUBid:VHN-82163
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-03987 // 
            
            
            
            VULHUB: VHN-82163 // 
            
            
            
            BID: 75321 // 
            
            
            
            JVNDB: JVNDB-2015-003228 // 
            
            
            
            CNNVD: CNNVD-201506-350 // 
            
            
            
            NVD: CVE-2015-4202

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39432
Trust: 2.6
url:http://www.securityfocus.com/bid/75321
Trust: 1.1
url:http://www.securitytracker.com/id/1032678
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4202
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4202
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-03987 // 
            
            
            
            VULHUB: VHN-82163 // 
            
            
            
            BID: 75321 // 
            
            
            
            JVNDB: JVNDB-2015-003228 // 
            
            
            
            CNNVD: CNNVD-201506-350 // 
            
            
            
            NVD: CVE-2015-4202

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75321

SOURCES
db:CNVDid:CNVD-2015-03987
db:VULHUBid:VHN-82163
db:BIDid:75321
db:JVNDBid:JVNDB-2015-003228
db:CNNVDid:CNNVD-201506-350
db:NVDid:CVE-2015-4202

LAST UPDATE DATE
2025-04-13T23:23:44.731000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-03987date:2015-06-25T00:00:00
db:VULHUBid:VHN-82163date:2016-12-28T00:00:00
db:BIDid:75321date:2015-06-19T00:00:00
db:JVNDBid:JVNDB-2015-003228date:2015-06-23T00:00:00
db:CNNVDid:CNNVD-201506-350date:2015-06-23T00:00:00
db:NVDid:CVE-2015-4202date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-03987date:2015-06-25T00:00:00
db:VULHUBid:VHN-82163date:2015-06-20T00:00:00
db:BIDid:75321date:2015-06-19T00:00:00
db:JVNDBid:JVNDB-2015-003228date:2015-06-23T00:00:00
db:CNNVDid:CNNVD-201506-350date:2015-06-23T00:00:00
db:NVDid:CVE-2015-4202date:2015-06-20T14:59:01.947