Vulnerability-Lookup

CVE-2015-4202 (GCVE-0-2015-4202)

Vulnerability from cvelistv5 – Published: 2015-06-20 14:00 – Updated: 2024-08-06 06:04

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

VAR-201506-0291

Vulnerability from variot - Updated: 2025-04-13 23:23

Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203. Vendors have confirmed this vulnerability Bug ID CSCua39203 It is released as.Skillfully crafted by a third party IPDR Important through the packet MAC Information about address and network usage may be obtained. The Cisco uBR 10000 Series is a router device from Cisco. Cisco uBR10000 Series Universal Broadband Routers are prone to information disclosure vulnerability. A remote attacker may exploit this issue to gain potentially sensitive information. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCua39203. Cisco IOS on uBR10000 router Cable Modem Termination Systems (CMTS) is a set of operating system running on uBR10000 CMTS (Cable Modem Termination System) router of Cisco (Cisco)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0291",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "12.2sch"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.2\\(33\\)sch"
      },
      {
        "model": "ios 12.2sch",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.2(33)sch"
      },
      {
        "model": "ubr10000 for router cable modem termination system",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ubr10000 router cable modem termination systems",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ubr10000",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03987"
      },
      {
        "db": "BID",
        "id": "75321"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-350"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4202"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:cisco:ios",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:ubr10000_cable_modem_termination_system",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003228"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "75321"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-4202",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-4202",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-03987",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-82163",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-4202",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-4202",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-03987",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-350",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82163",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03987"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82163"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-350"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4202"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203. Vendors have confirmed this vulnerability Bug ID CSCua39203 It is released as.Skillfully crafted by a third party IPDR Important through the packet MAC Information about address and network usage may be obtained. The Cisco uBR 10000 Series is a router device from Cisco. Cisco uBR10000 Series Universal Broadband Routers are prone to information disclosure vulnerability. \nA remote attacker may exploit this issue to gain potentially sensitive information. This may aid in further attacks. \nThis issue is tracked by Cisco Bug ID CSCua39203. Cisco IOS on uBR10000 router Cable Modem Termination Systems (CMTS) is a set of operating system running on uBR10000 CMTS (Cable Modem Termination System) router of Cisco (Cisco)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4202"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003228"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03987"
      },
      {
        "db": "BID",
        "id": "75321"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82163"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4202",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "75321",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1032678",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003228",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-350",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03987",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-82163",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03987"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82163"
      },
      {
        "db": "BID",
        "id": "75321"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-350"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4202"
      }
    ]
  },
  "id": "VAR-201506-0291",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03987"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82163"
      }
    ],
    "trust": 1.2999999999999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03987"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:23:44.731000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "39432",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39432"
      },
      {
        "title": "Patch for Cisco uBR10000 Series Universal Broadband Routers Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/59983"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003228"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82163"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003228"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4202"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39432"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/75321"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032678"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4202"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4202"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03987"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82163"
      },
      {
        "db": "BID",
        "id": "75321"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-350"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4202"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03987"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82163"
      },
      {
        "db": "BID",
        "id": "75321"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-350"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4202"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-03987"
      },
      {
        "date": "2015-06-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82163"
      },
      {
        "date": "2015-06-19T00:00:00",
        "db": "BID",
        "id": "75321"
      },
      {
        "date": "2015-06-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003228"
      },
      {
        "date": "2015-06-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-350"
      },
      {
        "date": "2015-06-20T14:59:01.947000",
        "db": "NVD",
        "id": "CVE-2015-4202"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-03987"
      },
      {
        "date": "2016-12-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82163"
      },
      {
        "date": "2015-06-19T00:00:00",
        "db": "BID",
        "id": "75321"
      },
      {
        "date": "2015-06-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003228"
      },
      {
        "date": "2015-06-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-350"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-4202"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-350"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco uBR10000 Important in cable modem termination systems for routers  MAC Vulnerability to obtain information about address and network usage",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003228"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-350"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2015-03987

Vulnerability from cnvd - Published: 2015-06-25

Title

Cisco uBR10000 Series Universal Broadband Routers信息泄露漏洞

Description

Cisco uBR 10000 Series是思科公司推出的路由器设备。 Cisco uBR 10000 Series存在安全漏洞，允许远程攻击者利用漏洞发送特制的IPDR报文到目标CMTS设备的4737 TCP端口，可获取设备的敏感信息，包括MAC地址和字节数。

Severity

中

Patch Name

Cisco uBR10000 Series Universal Broadband Routers信息泄露漏洞的补丁

Patch Description

Cisco uBR 10000 Series是思科公司推出的路由器设备。Cisco uBR 10000 Series存在安全漏洞，允许远程攻击者利用漏洞发送特制的IPDR报文到目标CMTS设备的4737 TCP端口，可获取设备的敏感信息，包括MAC地址和字节数。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://tools.cisco.com/security/center/viewAlert.x?alertId=39432

Reference

http://tools.cisco.com/security/center/viewAlert.x?alertId=39432

Impacted products

Name
['Cisco IOS 12.2SCH', 'Cisco uBR10000 router Cable Modem Termination Systems (CMTS)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75321"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4202"
    }
  },
  "description": "Cisco uBR 10000 Series\u662f\u601d\u79d1\u516c\u53f8\u63a8\u51fa\u7684\u8def\u7531\u5668\u8bbe\u5907\u3002 \r\n\r\nCisco uBR 10000 Series\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53d1\u9001\u7279\u5236\u7684IPDR\u62a5\u6587\u5230\u76ee\u6807CMTS\u8bbe\u5907\u76844737 TCP\u7aef\u53e3\uff0c\u53ef\u83b7\u53d6\u8bbe\u5907\u7684\u654f\u611f\u4fe1\u606f\uff0c\u5305\u62ecMAC\u5730\u5740\u548c\u5b57\u8282\u6570\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39432",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03987",
  "openTime": "2015-06-25",
  "patchDescription": "Cisco uBR 10000 Series\u662f\u601d\u79d1\u516c\u53f8\u63a8\u51fa\u7684\u8def\u7531\u5668\u8bbe\u5907\u3002Cisco uBR 10000 Series\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53d1\u9001\u7279\u5236\u7684IPDR\u62a5\u6587\u5230\u76ee\u6807CMTS\u8bbe\u5907\u76844737 TCP\u7aef\u53e3\uff0c\u53ef\u83b7\u53d6\u8bbe\u5907\u7684\u654f\u611f\u4fe1\u606f\uff0c\u5305\u62ecMAC\u5730\u5740\u548c\u5b57\u8282\u6570\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco uBR10000 Series Universal Broadband Routers\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS 12.2SCH",
      "Cisco uBR10000 router Cable Modem Termination Systems (CMTS)"
    ]
  },
  "referenceLink": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39432",
  "serverity": "\u4e2d",
  "submitTime": "2015-06-23",
  "title": "Cisco uBR10000 Series Universal Broadband Routers\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GHSA-4MF4-PWVW-5252

Vulnerability from github – Published: 2022-05-17 03:13 – Updated: 2022-05-17 03:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-4202"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-06-20T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203.",
  "id": "GHSA-4mf4-pwvw-5252",
  "modified": "2022-05-17T03:13:41Z",
  "published": "2022-05-17T03:13:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4202"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39432"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75321"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032678"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2015-4202

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-4202

Aliases

CVE-2015-4202

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-4202",
    "description": "Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203.",
    "id": "GSD-2015-4202"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-4202"
      ],
      "details": "Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203.",
      "id": "GSD-2015-4202",
      "modified": "2023-12-13T01:19:59.947201Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-4202",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1032678",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032678"
          },
          {
            "name": "75321",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/75321"
          },
          {
            "name": "20150619 Cisco uBR10000 Series Universal Broadband Routers Information Disclosure Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39432"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sch:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(33\\)sch:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ubr10000_cable_modem_termination_system:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4202"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150619 Cisco uBR10000 Series Universal Broadband Routers Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39432"
            },
            {
              "name": "75321",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/75321"
            },
            {
              "name": "1032678",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1032678"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-28T18:02Z",
      "publishedDate": "2015-06-20T14:59Z"
    }
  }
}

FKIE_CVE-2015-4202

Vulnerability from fkie_nvd - Published: 2015-06-20 14:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=39432	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/75321	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1032678	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=39432	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75321	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032678	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
cisco	ios	12.2\(33\)sch
cisco	ios	12.2sch
cisco	ubr10000_cable_modem_termination_system	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(33\\)sch:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B0B3338-E4D5-4095-8974-71E53C331994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2sch:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4036869-5126-4C78-9F5E-3159F8FC62EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ubr10000_cable_modem_termination_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D71FF316-A3D6-4B5B-BF23-45FCFF0ADE76",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203."
    },
    {
      "lang": "es",
      "value": "Cisco IOS 12.2SCH en Cable Modem Termination Systems (CMTS) de los routers uBR10000 no restringe correctamente el acceso al servicio IP Detail Record (IPDR), lo que permite a atacantes remotos obtener informaci\u00f3n potencialmente sensible de direcciones MAC y utilizaci\u00f3n de red a trav\u00e9s de paquetes IPDR manipulados, tambi\u00e9n conocido como Bug ID CSCua39203."
    }
  ],
  "id": "CVE-2015-4202",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-20T14:59:01.947",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39432"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75321"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032678"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032678"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-4202 (GCVE-0-2015-4202)

VAR-201506-0291

CNVD-2015-03987

GHSA-4MF4-PWVW-5252

GSD-2015-4202

FKIE_CVE-2015-4202

Tags

Sightings

Nomenclature