Sign-up

ID

VAR-201510-0299


CVE

CVE-2015-6263


TITLE

Cisco IOS of RADIUS Denial of service in client implementation (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-005198

DESCRIPTION

The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The vulnerability is caused by the fact that the program does not correctly parse the malformed RADIUS packet returned by the RADIUS server

Trust: 2.25

sources: NVD: CVE-2015-6263 // JVNDB: JVNDB-2015-005198 // CNVD: CNVD-2015-06555 // VULHUB: VHN-84224

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-06555

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m2.2

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.4(3)m2.2

Trust: 0.8

vendor:ciscomodel:ios software 15.4 m2.2scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2015-06555 // JVNDB: JVNDB-2015-005198 // CNNVD: CNNVD-201510-139 // NVD: CVE-2015-6263

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6263
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6263
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-06555
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201510-139
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84224
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6263
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-06555
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84224
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-06555 // VULHUB: VHN-84224 // JVNDB: JVNDB-2015-005198 // CNNVD: CNNVD-201510-139 // NVD: CVE-2015-6263

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-84224 // JVNDB: JVNDB-2015-005198 // NVD: CVE-2015-6263

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-139

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201510-139

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005198

PATCH
title:cisco-sa-20151005-ios-radiusurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151005-ios-radius
Trust: 0.8
title:Patch for Cisco IOS Software RADIUS Client Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/65104
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-06555 // 
            
            
            
            JVNDB: JVNDB-2015-005198

EXTERNAL IDS
db:NVDid:CVE-2015-6263
Trust: 3.1
db:SECTRACKid:1033747
Trust: 1.1
db:JVNDBid:JVNDB-2015-005198
Trust: 0.8
db:CNNVDid:CNNVD-201510-139
Trust: 0.7
db:CNVDid:CNVD-2015-06555
Trust: 0.6
db:VULHUBid:VHN-84224
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-06555 // 
            
            
            
            VULHUB: VHN-84224 // 
            
            
            
            JVNDB: JVNDB-2015-005198 // 
            
            
            
            CNNVD: CNNVD-201510-139 // 
            
            
            
            NVD: CVE-2015-6263

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151005-ios-radius
Trust: 2.3
url:http://www.securitytracker.com/id/1033747
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6263
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6263
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2015-06555 // 
            
            
            
            VULHUB: VHN-84224 // 
            
            
            
            JVNDB: JVNDB-2015-005198 // 
            
            
            
            CNNVD: CNNVD-201510-139 // 
            
            
            
            NVD: CVE-2015-6263

SOURCES
db:CNVDid:CNVD-2015-06555
db:VULHUBid:VHN-84224
db:JVNDBid:JVNDB-2015-005198
db:CNNVDid:CNNVD-201510-139
db:NVDid:CVE-2015-6263

LAST UPDATE DATE
2025-04-12T23:27:32.773000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-06555date:2015-10-16T00:00:00
db:VULHUBid:VHN-84224date:2017-01-04T00:00:00
db:JVNDBid:JVNDB-2015-005198date:2015-10-14T00:00:00
db:CNNVDid:CNNVD-201510-139date:2015-10-12T00:00:00
db:NVDid:CVE-2015-6263date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-06555date:2015-10-16T00:00:00
db:VULHUBid:VHN-84224date:2015-10-12T00:00:00
db:JVNDBid:JVNDB-2015-005198date:2015-10-14T00:00:00
db:CNNVDid:CNNVD-201510-139date:2015-10-12T00:00:00
db:NVDid:CVE-2015-6263date:2015-10-12T01:59:20.440