VAR-201507-0503
Vulnerability from variot - Updated: 2025-04-13 23:14The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager outage) via malformed fields in an IP packet, aka Bug ID CSCut38476. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). Cisco Packet Data Network Gateway is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the Session Manager service on an affected device to become unresponsive, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCut38476. Cisco ASR 5000 Series is the 5000 series wireless controller products of Cisco (Cisco). The following releases are affected: Cisco ASR 5000 devices using Release 15.0(912), Release 15.0(935), and Release 15.0(938) software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0503",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asr 5000 series software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.0\\(912\\)"
},
{
"model": "asr 5000 series software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.0\\(935\\)"
},
{
"model": "asr 5000 series software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.0\\(938\\)"
},
{
"model": "asr 5000 series software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "15.0 (912)"
},
{
"model": "asr 5000 series software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "15.0 (935)"
},
{
"model": "asr 5000 series software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "15.0 (938)"
},
{
"model": "asr devices with software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "500015.0(912)"
},
{
"model": "asr devices with software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "500015.0(935)"
},
{
"model": "asr devices with software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "500015.0(938)"
},
{
"model": "asr series software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500015.0(938)"
},
{
"model": "asr series software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500015.0(935)"
},
{
"model": "asr series software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500015.0(912)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04675"
},
{
"db": "BID",
"id": "75905"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003853"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-430"
},
{
"db": "NVD",
"id": "CVE-2015-4273"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:asr_5000_series_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003853"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "75905"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-4273",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04675",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-82234",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4273",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-4273",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-04675",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-430",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-82234",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04675"
},
{
"db": "VULHUB",
"id": "VHN-82234"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003853"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-430"
},
{
"db": "NVD",
"id": "CVE-2015-4273"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager outage) via malformed fields in an IP packet, aka Bug ID CSCut38476. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). Cisco Packet Data Network Gateway is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause the Session Manager service on an affected device to become unresponsive, resulting in a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCut38476. Cisco ASR 5000 Series is the 5000 series wireless controller products of Cisco (Cisco). The following releases are affected: Cisco ASR 5000 devices using Release 15.0(912), Release 15.0(935), and Release 15.0(938) software",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003853"
},
{
"db": "CNVD",
"id": "CNVD-2015-04675"
},
{
"db": "BID",
"id": "75905"
},
{
"db": "VULHUB",
"id": "VHN-82234"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4273",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1032928",
"trust": 1.1
},
{
"db": "BID",
"id": "75905",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003853",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-430",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04675",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-82234",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04675"
},
{
"db": "VULHUB",
"id": "VHN-82234"
},
{
"db": "BID",
"id": "75905"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003853"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-430"
},
{
"db": "NVD",
"id": "CVE-2015-4273"
}
]
},
"id": "VAR-201507-0503",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04675"
},
{
"db": "VULHUB",
"id": "VHN-82234"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04675"
}
]
},
"last_update_date": "2025-04-13T23:14:31.069000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "39907",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39907"
},
{
"title": "Patch for Cisco ASR Denial of Service Vulnerability (CNVD-2015-04675)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/61189"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04675"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003853"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82234"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003853"
},
{
"db": "NVD",
"id": "CVE-2015-4273"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39907"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032928"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4273"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4273"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04675"
},
{
"db": "VULHUB",
"id": "VHN-82234"
},
{
"db": "BID",
"id": "75905"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003853"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-430"
},
{
"db": "NVD",
"id": "CVE-2015-4273"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04675"
},
{
"db": "VULHUB",
"id": "VHN-82234"
},
{
"db": "BID",
"id": "75905"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003853"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-430"
},
{
"db": "NVD",
"id": "CVE-2015-4273"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04675"
},
{
"date": "2015-07-15T00:00:00",
"db": "VULHUB",
"id": "VHN-82234"
},
{
"date": "2015-07-15T00:00:00",
"db": "BID",
"id": "75905"
},
{
"date": "2015-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003853"
},
{
"date": "2015-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-430"
},
{
"date": "2015-07-15T14:59:02.940000",
"db": "NVD",
"id": "CVE-2015-4273"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04675"
},
{
"date": "2016-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-82234"
},
{
"date": "2015-07-15T00:00:00",
"db": "BID",
"id": "75905"
},
{
"date": "2015-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003853"
},
{
"date": "2015-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-430"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-4273"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-430"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ASR 5000 Device software Packet Data Network Gateway Service disruption in components (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003853"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-430"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…