FKIE_CVE-2015-6273

Vulnerability from fkie_nvd - Published: 2015-08-29 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=40690Vendor Advisory
psirt@cisco.comhttp://www.securitytracker.com/id/1033408
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=40690Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1033408
Impacted products
Vendor Product Version
cisco ios_xe 2.2.1
cisco ios_xe 2.2.2
cisco ios_xe 2.2.3
cisco ios_xe 3.1.0s
cisco ios_xe 3.1.1s
cisco asr_1001 -
cisco asr_1001-x -
cisco asr_1002 -
cisco asr_1002-x -
cisco asr_1004 -
cisco asr_1006 -
cisco asr_1013 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "87B35652-621F-48DB-84FF-E214D42AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E216416-E3ED-437D-A725-2297DD86EF3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8F3444-17E3-48A5-BEC1-97967F7E4EA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.1.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A13401-2660-483E-89A5-6420B5866BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.1.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "77FC74E2-2510-40F5-BB2B-11608B844E28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_1001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED7C321E-F083-4AB6-96A0-D6358980441E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C913FF-63D5-43FB-8B39-598EF436BA5A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_1002:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4376E56-A21C-4642-A85D-439C8E21CD7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "444F688F-79D0-4F22-B530-7BD520080B8F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_1004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "55DD2272-10C2-43B9-9F13-6DC41DBE179B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_1006:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7428E0A8-1641-47FB-9CA9-34311DEF660D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_1013:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "854D9594-FE84-4E7B-BA21-A3287F2DC302",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en Cisco IOS XE en versiones anteriores a 3.1.2S en dispositivos ASR 1000, no se maneja correctamente la configuraci\u00f3n autom\u00e1tica de Virtual Fragment Reassembly (VFR) por ciertos firewall y componentes NAT, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de Embedded Services Processor) a trav\u00e9s de paquetes IP manipulados, tambi\u00e9n conocida como Bug IDs CSCtf87624, CSCte93229, CSCtd19103 y CSCti63623."
    }
  ],
  "id": "CVE-2015-6273",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-29T01:59:02.690",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40690"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1033408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033408"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.