Sign-up

ID

VAR-201510-0028


CVE

CVE-2015-6351


TITLE

Cisco ASR 5500 System Architecture Evolution Gateway Service disruption in device software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-005688

DESCRIPTION

Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781. A remote attacker exploiting this vulnerability could result in a denial of service. An attacker can exploit this issue to cause the BGP process to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuw65781. The vulnerability is caused by the program not properly validating BGP packet headers

Trust: 2.61

sources: NVD: CVE-2015-6351 // JVNDB: JVNDB-2015-005688 // CNVD: CNVD-2015-07232 // BID: 77355 // VULHUB: VHN-84312 // VULMON: CVE-2015-6351

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-07232

AFFECTED PRODUCTS

vendor:ciscomodel:asr 5000 softwarescope:eqversion:19.1.0.61559

Trust: 1.6

vendor:ciscomodel:asr 5000 softwarescope:eqversion:19.2.0

Trust: 1.6

vendor:ciscomodel:asr 5000 series softwarescope:eqversion:19.1.0.61559

Trust: 0.8

vendor:ciscomodel:asr 5000 series softwarescope:eqversion:19.2.0

Trust: 0.8

vendor:ciscomodel:asr system softwarescope:eqversion:550019.1.0.61559

Trust: 0.6

vendor:ciscomodel:asr system softwarescope:eqversion:550019.2.0

Trust: 0.6

vendor:ciscomodel:asr system architecture evolution gatewayscope:eqversion:550019.2.0

Trust: 0.3

vendor:ciscomodel:asr system architecture evolution gatewayscope:eqversion:550019.1.0.61559

Trust: 0.3

vendor:ciscomodel:asr seriesscope:eqversion:50000

Trust: 0.3

sources: CNVD: CNVD-2015-07232 // BID: 77355 // JVNDB: JVNDB-2015-005688 // CNNVD: CNNVD-201510-785 // NVD: CVE-2015-6351

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6351
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6351
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-07232
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201510-785
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84312
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-6351
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6351
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-07232
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84312
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-07232 // VULHUB: VHN-84312 // VULMON: CVE-2015-6351 // JVNDB: JVNDB-2015-005688 // CNNVD: CNNVD-201510-785 // NVD: CVE-2015-6351

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-84312 // JVNDB: JVNDB-2015-005688 // NVD: CVE-2015-6351

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-785

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201510-785

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005688

PATCH
title:cisco-sa-20151028-asrurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-asr
Trust: 0.8
title:Patch for Cisco ASR 5500 SAE Gateway Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/66242
Trust: 0.6
title:Cisco ASR 5500 System Architecture Evolution Gateway Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58516
Trust: 0.6
title:Cisco: Cisco ASR 5500 SAE Gateway BGP Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20151028-asr
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-07232 // 
            
            
            
            VULMON: CVE-2015-6351 // 
            
            
            
            JVNDB: JVNDB-2015-005688 // 
            
            
            
            CNNVD: CNNVD-201510-785

EXTERNAL IDS
db:NVDid:CVE-2015-6351
Trust: 3.5
db:SECTRACKid:1034024
Trust: 1.2
db:BIDid:77355
Trust: 1.0
db:JVNDBid:JVNDB-2015-005688
Trust: 0.8
db:CNNVDid:CNNVD-201510-785
Trust: 0.7
db:CNVDid:CNVD-2015-07232
Trust: 0.6
db:VULHUBid:VHN-84312
Trust: 0.1
db:VULMONid:CVE-2015-6351
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-07232 // 
            
            
            
            VULHUB: VHN-84312 // 
            
            
            
            VULMON: CVE-2015-6351 // 
            
            
            
            BID: 77355 // 
            
            
            
            JVNDB: JVNDB-2015-005688 // 
            
            
            
            CNNVD: CNNVD-201510-785 // 
            
            
            
            NVD: CVE-2015-6351

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151028-asr
Trust: 2.8
url:http://www.securitytracker.com/id/1034024
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6351
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6351
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-07232 // 
            
            
            
            VULHUB: VHN-84312 // 
            
            
            
            VULMON: CVE-2015-6351 // 
            
            
            
            BID: 77355 // 
            
            
            
            JVNDB: JVNDB-2015-005688 // 
            
            
            
            CNNVD: CNNVD-201510-785 // 
            
            
            
            NVD: CVE-2015-6351

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 77355

SOURCES
db:CNVDid:CNVD-2015-07232
db:VULHUBid:VHN-84312
db:VULMONid:CVE-2015-6351
db:BIDid:77355
db:JVNDBid:JVNDB-2015-005688
db:CNNVDid:CNNVD-201510-785
db:NVDid:CVE-2015-6351

LAST UPDATE DATE
2025-04-13T23:37:31.200000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-07232date:2015-11-05T00:00:00
db:VULHUBid:VHN-84312date:2016-12-07T00:00:00
db:VULMONid:CVE-2015-6351date:2016-12-07T00:00:00
db:BIDid:77355date:2015-10-29T00:00:00
db:JVNDBid:JVNDB-2015-005688date:2015-11-02T00:00:00
db:CNNVDid:CNNVD-201510-785date:2015-11-02T00:00:00
db:NVDid:CVE-2015-6351date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-07232date:2015-11-05T00:00:00
db:VULHUBid:VHN-84312date:2015-10-30T00:00:00
db:VULMONid:CVE-2015-6351date:2015-10-30T00:00:00
db:BIDid:77355date:2015-10-29T00:00:00
db:JVNDBid:JVNDB-2015-005688date:2015-11-02T00:00:00
db:CNNVDid:CNNVD-201510-785date:2015-10-30T00:00:00
db:NVDid:CVE-2015-6351date:2015-10-30T10:59:09.527