Sign-up

ID

VAR-201511-0216


CVE

CVE-2015-6365


TITLE

Cisco IOS Vulnerabilities that can bypass network traffic restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2015-005927

DESCRIPTION

Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303. Vendors have confirmed this vulnerability Bug ID CSCur61303 It is released as.By a remotely authenticated user PPP May be used to circumvent network traffic restrictions. Cisco IOS is a popular Internet operating system. There is a security vulnerability in Cisco IOS. Remote attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCur61303

Trust: 2.52

sources: NVD: CVE-2015-6365 // JVNDB: JVNDB-2015-005927 // CNVD: CNVD-2015-07561 // BID: 77583 // VULHUB: VHN-84326

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-07561

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.2\(4\)m

Trust: 1.6

vendor:ciscomodel:ios software 15.2 mscope: - version: -

Trust: 0.9

vendor:ciscomodel:ios software 15.4 mscope: - version: -

Trust: 0.9

vendor:ciscomodel:iosscope:eqversion:15.2(04)m

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:15.4(03)m

Trust: 0.8

sources: CNVD: CNVD-2015-07561 // BID: 77583 // JVNDB: JVNDB-2015-005927 // CNNVD: CNNVD-201511-249 // NVD: CVE-2015-6365

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6365
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6365
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-07561
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201511-249
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84326
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6365
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-07561
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84326
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-07561 // VULHUB: VHN-84326 // JVNDB: JVNDB-2015-005927 // CNNVD: CNNVD-201511-249 // NVD: CVE-2015-6365

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-84326 // JVNDB: JVNDB-2015-005927 // NVD: CVE-2015-6365

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-249

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201511-249

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005927

PATCH
title:cisco-sa-20151112-ios1url:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios1
Trust: 0.8
title:Cisco IOS Virtual PPP ACLs control patches that bypass vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/66807
Trust: 0.6
title:Cisco IOS Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58738
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-07561 // 
            
            
            
            JVNDB: JVNDB-2015-005927 // 
            
            
            
            CNNVD: CNNVD-201511-249

EXTERNAL IDS
db:NVDid:CVE-2015-6365
Trust: 3.4
db:SECTRACKid:1034158
Trust: 1.1
db:JVNDBid:JVNDB-2015-005927
Trust: 0.8
db:CNNVDid:CNNVD-201511-249
Trust: 0.7
db:CNVDid:CNVD-2015-07561
Trust: 0.6
db:BIDid:77583
Trust: 0.4
db:SEEBUGid:SSVID-89790
Trust: 0.1
db:VULHUBid:VHN-84326
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-07561 // 
            
            
            
            VULHUB: VHN-84326 // 
            
            
            
            BID: 77583 // 
            
            
            
            JVNDB: JVNDB-2015-005927 // 
            
            
            
            CNNVD: CNNVD-201511-249 // 
            
            
            
            NVD: CVE-2015-6365

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151112-ios1
Trust: 2.6
url:http://www.securitytracker.com/id/1034158
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6365
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6365
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-07561 // 
            
            
            
            VULHUB: VHN-84326 // 
            
            
            
            BID: 77583 // 
            
            
            
            JVNDB: JVNDB-2015-005927 // 
            
            
            
            CNNVD: CNNVD-201511-249 // 
            
            
            
            NVD: CVE-2015-6365

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 77583

SOURCES
db:CNVDid:CNVD-2015-07561
db:VULHUBid:VHN-84326
db:BIDid:77583
db:JVNDBid:JVNDB-2015-005927
db:CNNVDid:CNNVD-201511-249
db:NVDid:CVE-2015-6365

LAST UPDATE DATE
2025-04-13T23:21:14.451000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-07561date:2015-11-17T00:00:00
db:VULHUBid:VHN-84326date:2016-12-07T00:00:00
db:BIDid:77583date:2015-11-13T00:00:00
db:JVNDBid:JVNDB-2015-005927date:2015-11-17T00:00:00
db:CNNVDid:CNNVD-201511-249date:2015-11-18T00:00:00
db:NVDid:CVE-2015-6365date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-07561date:2015-11-17T00:00:00
db:VULHUBid:VHN-84326date:2015-11-14T00:00:00
db:BIDid:77583date:2015-11-13T00:00:00
db:JVNDBid:JVNDB-2015-005927date:2015-11-17T00:00:00
db:CNNVDid:CNNVD-201511-249date:2015-11-16T00:00:00
db:NVDid:CVE-2015-6365date:2015-11-14T03:59:03.240