Details of VAR-201508-0127

ID

VAR-201508-0127

CVE

CVE-2015-6256

TITLE

Cisco ASR 5000 Service disruption in device software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004417

DESCRIPTION

Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820. The Cisco Aggregation Services Router 5000 and ASR 5500 System Software are Cisco 5000 Series Wireless Controller products from Cisco. Successful exploitation of the issue will cause the OSPF process to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuv62820. A remote attacker could exploit this vulnerability to cause a denial of service (restart)

Trust: 2.52

sources: NVD: CVE-2015-6256 // JVNDB: JVNDB-2015-004417 // CNVD: CNVD-2015-05661 // BID: 76439 // VULHUB: VHN-84217

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05661

AFFECTED PRODUCTS

vendor:	cisco	model:	asr 5000 series software	scope:	eq	version:	19.0.m0.60828	Trust: 1.6
vendor:	cisco	model:	asr 5000 series software	scope:	eq	version:	19.0 .m0.60828	Trust: 0.8
vendor:	cisco	model:	asr system software	scope:	eq	version:	5500	Trust: 0.6
vendor:	cisco	model:	aggregation services router	scope:	eq	version:	5000	Trust: 0.6

sources: CNVD: CNVD-2015-05661 // JVNDB: JVNDB-2015-004417 // CNNVD: CNNVD-201508-472 // NVD: CVE-2015-6256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6256
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6256
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-05661
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201508-472
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84217
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6256
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-05661
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84217
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-05661 // VULHUB: VHN-84217 // JVNDB: JVNDB-2015-004417 // CNNVD: CNNVD-201508-472 // NVD: CVE-2015-6256

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-84217 // JVNDB: JVNDB-2015-004417 // NVD: CVE-2015-6256

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-472

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201508-472

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004417

PATCH

title:	40585	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=40585	Trust: 0.8
title:	Patch for Cisco Aggregation Services Router 5000 and ASR 5500 System Software Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/63181	Trust: 0.6

sources: CNVD: CNVD-2015-05661 // JVNDB: JVNDB-2015-004417

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6256	Trust: 3.4
db:	BID	id:	76439	Trust: 1.6
db:	SECTRACK	id:	1033355	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-004417	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-472	Trust: 0.7
db:	CNVD	id:	CNVD-2015-05661	Trust: 0.6
db:	VULHUB	id:	VHN-84217	Trust: 0.1

sources: CNVD: CNVD-2015-05661 // VULHUB: VHN-84217 // BID: 76439 // JVNDB: JVNDB-2015-004417 // CNNVD: CNNVD-201508-472 // NVD: CVE-2015-6256

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=40585	Trust: 1.7
url:	http://www.securitytracker.com/id/1033355	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6256	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6256	Trust: 0.8
url:	https://tools.cisco.com/bugsearch/bug/cscuv62820	Trust: 0.6
url:	http://www.securityfocus.com/bid/76439	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-05661 // VULHUB: VHN-84217 // BID: 76439 // JVNDB: JVNDB-2015-004417 // CNNVD: CNNVD-201508-472 // NVD: CVE-2015-6256

CREDITS

Cisco

Trust: 0.9

sources: BID: 76439 // CNNVD: CNNVD-201508-472

SOURCES

db:	CNVD	id:	CNVD-2015-05661
db:	VULHUB	id:	VHN-84217
db:	BID	id:	76439
db:	JVNDB	id:	JVNDB-2015-004417
db:	CNNVD	id:	CNNVD-201508-472
db:	NVD	id:	CVE-2015-6256

LAST UPDATE DATE

2025-04-12T23:16:50.085000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05661	date:	2015-08-27T00:00:00
db:	VULHUB	id:	VHN-84217	date:	2017-01-04T00:00:00
db:	BID	id:	76439	date:	2015-08-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-004417	date:	2015-08-26T00:00:00
db:	CNNVD	id:	CNNVD-201508-472	date:	2015-08-27T00:00:00
db:	NVD	id:	CVE-2015-6256	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05661	date:	2015-08-27T00:00:00
db:	VULHUB	id:	VHN-84217	date:	2015-08-22T00:00:00
db:	BID	id:	76439	date:	2015-08-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-004417	date:	2015-08-26T00:00:00
db:	CNNVD	id:	CNNVD-201508-472	date:	2015-08-21T00:00:00
db:	NVD	id:	CVE-2015-6256	date:	2015-08-22T17:59:01.410