Vulnerability-Lookup

CVE-2015-0771 (GCVE-0-2015-0771)

Vulnerability from cvelistv5 – Published: 2015-06-12 10:00 – Updated: 2024-08-06 04:17

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

VAR-201506-0163

Vulnerability from variot - Updated: 2025-04-12 23:35

The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505. The Cisco Catalyst 6500 Series Switches are a set of 6500 series switches. A denial of service vulnerability exists in Cisco Catalyst 6500 Series Switches that allows remote attackers to submit special requests to overload the switch, causing a denial of service attack. Attackers can exploit this issue to reload the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCur70505. WS-IPSEC-3 service is one of the IPsec VPN service modules. The vulnerability is caused by insufficient boundary checks on specially crafted messages when the program establishes an IPsec tunnel

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0163",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.2sxj"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.2\\(33\\)sxj8"
      },
      {
        "model": "catalyst 6503-e switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catalyst 6504-e switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catalyst 6506-e switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catalyst 6509-e switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catalyst 6509-neb-a switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catalyst 6509-v-e switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catalyst 6513 switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catalyst 6513-e switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.2"
      },
      {
        "model": "catalyst series switches",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "6500"
      },
      {
        "model": "ios 12.2sxj",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sxj8",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catalyst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6500"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03780"
      },
      {
        "db": "BID",
        "id": "75063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-214"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0771"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:catalyst_6503-e",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:catalyst_6504-e",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:catalyst_6506-e",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:catalyst_6509-e",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:catalyst_6509-neb-a",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:catalyst_6509-v-e",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:catalyst_6513",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:catalyst_6513-e",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:cisco:ios",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003069"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "75063"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-214"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-0771",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2015-0771",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2015-03780",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-78717",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-0771",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-0771",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-03780",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-214",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-78717",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78717"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-214"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0771"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505. The Cisco Catalyst 6500 Series Switches are a set of 6500 series switches. A denial of service vulnerability exists in Cisco Catalyst 6500 Series Switches that allows remote attackers to submit special requests to overload the switch, causing a denial of service attack. \nAttackers can exploit this issue to reload the affected device, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCur70505. WS-IPSEC-3 service is one of the IPsec VPN service modules. The vulnerability is caused by insufficient boundary checks on specially crafted messages when the program establishes an IPsec tunnel",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0771"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003069"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03780"
      },
      {
        "db": "BID",
        "id": "75063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78717"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0771",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "75063",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1032517",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003069",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-214",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03780",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-78717",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78717"
      },
      {
        "db": "BID",
        "id": "75063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-214"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0771"
      }
    ]
  },
  "id": "VAR-201506-0163",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78717"
      }
    ],
    "trust": 1.2344214
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03780"
      }
    ]
  },
  "last_update_date": "2025-04-12T23:35:06.038000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "39233",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39233"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003069"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78717"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003069"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0771"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39233"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/75063"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032517"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0771"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0771"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/c/en/us/products/switches/catalyst-6500-series-switches/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78717"
      },
      {
        "db": "BID",
        "id": "75063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-214"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0771"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78717"
      },
      {
        "db": "BID",
        "id": "75063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-214"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0771"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-03780"
      },
      {
        "date": "2015-06-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78717"
      },
      {
        "date": "2015-06-08T00:00:00",
        "db": "BID",
        "id": "75063"
      },
      {
        "date": "2015-06-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003069"
      },
      {
        "date": "2015-06-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-214"
      },
      {
        "date": "2015-06-12T10:59:01.683000",
        "db": "NVD",
        "id": "CVE-2015-0771"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-03780"
      },
      {
        "date": "2017-01-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78717"
      },
      {
        "date": "2015-06-08T00:00:00",
        "db": "BID",
        "id": "75063"
      },
      {
        "date": "2015-06-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003069"
      },
      {
        "date": "2015-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-214"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-0771"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-214"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Catalyst 6500 Runs on series devices  Cisco IOS of  WS-IPSEC-3 Service operation disruption in service modules  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003069"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-214"
      }
    ],
    "trust": 0.6
  }
}

GHSA-FVPV-PJQH-3R46

Vulnerability from github – Published: 2022-05-17 03:08 – Updated: 2022-05-17 03:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-0771"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-06-12T10:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505.",
  "id": "GHSA-fvpv-pjqh-3r46",
  "modified": "2022-05-17T03:08:45Z",
  "published": "2022-05-17T03:08:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0771"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39233"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032517"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2015-0771

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-0771

Aliases

CVE-2015-0771

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-0771",
    "description": "The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505.",
    "id": "GSD-2015-0771"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-0771"
      ],
      "details": "The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505.",
      "id": "GSD-2015-0771",
      "modified": "2023-12-13T01:19:57.955249Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-0771",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20150608 Cisco Catalyst 6500 Series Switches IPsec Tunnel Handling Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39233"
          },
          {
            "name": "1032517",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032517"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(33\\)sxj8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sxj:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6504-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6506-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6509-v-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6509-neb-a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6503-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6509-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6513-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6513:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0771"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150608 Cisco Catalyst 6500 Series Switches IPsec Tunnel Handling Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39233"
            },
            {
              "name": "1032517",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1032517"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-01-04T16:03Z",
      "publishedDate": "2015-06-12T10:59Z"
    }
  }
}

CNVD-2015-03780

Vulnerability from cnvd - Published: 2015-06-15

Title

Cisco Catalyst 6500 Series Switches拒绝服务漏洞

Description

Cisco Catalyst 6500 Series Switches是一套6500系列交换机产品。 Cisco Catalyst 6500 Series Switches中存在拒绝服务漏洞，允许远程攻击者提交特殊的请求使交换机重载，造成拒绝服务攻击。

Severity

中

Formal description

目前没有详细解决方案提供： http://www.cisco.com/

Reference

http://www.securityfocus.com/bid/75063

Impacted products

Name
Cisco Catalyst 6500 Series Switches

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75063"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0771"
    }
  },
  "description": "Cisco Catalyst 6500 Series Switches\u662f\u4e00\u59576500\u7cfb\u5217\u4ea4\u6362\u673a\u4ea7\u54c1\u3002\r\n\r\nCisco Catalyst 6500 Series Switches\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\u4f7f\u4ea4\u6362\u673a\u91cd\u8f7d\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.cisco.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03780",
  "openTime": "2015-06-15",
  "products": {
    "product": "Cisco Catalyst 6500 Series Switches"
  },
  "referenceLink": "http://www.securityfocus.com/bid/75063",
  "serverity": "\u4e2d",
  "submitTime": "2015-06-11",
  "title": "Cisco Catalyst 6500 Series Switches\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2015-0771

Vulnerability from fkie_nvd - Published: 2015-06-12 10:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=39233	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1032517	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=39233	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032517	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
cisco	ios	12.2\(33\)sxj8
cisco	ios	12.2sxj
cisco	catalyst_6503-e	-
cisco	catalyst_6504-e	-
cisco	catalyst_6506-e	-
cisco	catalyst_6509-e	-
cisco	catalyst_6509-neb-a	-
cisco	catalyst_6509-v-e	-
cisco	catalyst_6513	-
cisco	catalyst_6513-e	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(33\\)sxj8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E920061-80A8-41E0-BA64-A20264020C7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2sxj:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD9E1D84-1BC7-4956-A2BB-441B1E10C34C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6503-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F202892E-2E58-4D77-B983-38AFA51CDBC6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6504-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F57DF3E-4069-4EF0-917E-84CDDFCEBEEF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6506-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BE25114-ABBC-47A0-9C20-E8D40D721313",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6509-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADD5F49-2817-40EC-861C-C922825708BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6509-neb-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E628F9C4-98C6-4A95-AF81-F1E6A56E8648",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6509-v-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFF899C-1EB3-46D8-9003-EA36A68C90B3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6513:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6463491-F63E-44CB-A1D4-C029BE7D3D3D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6513-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8668D34-096B-4FC3-B9B1-0ECFD6265778",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n IKE en el m\u00f3dulo de servicio WS-IPSEC-3 en Cisco IOS 12.2 en los dispositivos Catalyst 6500 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (recarga de dispositivo) mediante el envi\u00f3 de un mensaje manipulado durante el montaje del t\u00fanel IPsec, tambi\u00e9n conocida como Bug ID CSCur70505."
    }
  ],
  "id": "CVE-2015-0771",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-12T10:59:01.683",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39233"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032517"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-0771 (GCVE-0-2015-0771)

VAR-201506-0163

GHSA-FVPV-PJQH-3R46

GSD-2015-0771

CNVD-2015-03780

FKIE_CVE-2015-0771

Tags

Sightings

Nomenclature