VAR-201507-0505
Vulnerability from variot - Updated: 2025-04-13 23:25The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header in a GTPv2 packet, aka Bug ID CSCut11534. Vendors have confirmed this vulnerability Bug ID CSCut11534 It is released as.By a third party GTPv2 Denial of service via malformed headers in packets (DoS) There is a possibility of being put into a state. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). An attacker can exploit this issue to cause the GTPv2 service on an affected device to become unresponsive, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCut11534. Cisco ASR 5000 Series is the 5000 series wireless controller products of Cisco (Cisco)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0505",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asr 5000 series software",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "18.0.0.59167"
},
{
"model": "asr 5000 series software",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "18.0.0.59211"
},
{
"model": "asr 5000 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 5500 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr 5700 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr series software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "500018.0"
},
{
"model": "asr series software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500018.0.0.59211"
},
{
"model": "asr series software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500018.0.0.59167"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04959"
},
{
"db": "BID",
"id": "75909"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003855"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-633"
},
{
"db": "NVD",
"id": "CVE-2015-4275"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:asr_5000_series_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:asr_5000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:asr_5500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:asr_5700",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003855"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "75909"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4275",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-4275",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04959",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-82236",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4275",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-4275",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-04959",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-633",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-82236",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04959"
},
{
"db": "VULHUB",
"id": "VHN-82236"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003855"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-633"
},
{
"db": "NVD",
"id": "CVE-2015-4275"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header in a GTPv2 packet, aka Bug ID CSCut11534. Vendors have confirmed this vulnerability Bug ID CSCut11534 It is released as.By a third party GTPv2 Denial of service via malformed headers in packets (DoS) There is a possibility of being put into a state. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). \nAn attacker can exploit this issue to cause the GTPv2 service on an affected device to become unresponsive, resulting in a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCut11534. Cisco ASR 5000 Series is the 5000 series wireless controller products of Cisco (Cisco)",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4275"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003855"
},
{
"db": "CNVD",
"id": "CNVD-2015-04959"
},
{
"db": "BID",
"id": "75909"
},
{
"db": "VULHUB",
"id": "VHN-82236"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4275",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1032984",
"trust": 1.1
},
{
"db": "BID",
"id": "75909",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003855",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-633",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04959",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-82236",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04959"
},
{
"db": "VULHUB",
"id": "VHN-82236"
},
{
"db": "BID",
"id": "75909"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003855"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-633"
},
{
"db": "NVD",
"id": "CVE-2015-4275"
}
]
},
"id": "VAR-201507-0505",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04959"
},
{
"db": "VULHUB",
"id": "VHN-82236"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04959"
}
]
},
"last_update_date": "2025-04-13T23:25:13.501000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "39934",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39934"
},
{
"title": "Cisco ASR 5000 Router GTPv2 Input Verification Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/61248"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04959"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003855"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82236"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003855"
},
{
"db": "NVD",
"id": "CVE-2015-4275"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39934"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032984"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4275"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4275"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04959"
},
{
"db": "VULHUB",
"id": "VHN-82236"
},
{
"db": "BID",
"id": "75909"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003855"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-633"
},
{
"db": "NVD",
"id": "CVE-2015-4275"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04959"
},
{
"db": "VULHUB",
"id": "VHN-82236"
},
{
"db": "BID",
"id": "75909"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003855"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-633"
},
{
"db": "NVD",
"id": "CVE-2015-4275"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04959"
},
{
"date": "2015-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-82236"
},
{
"date": "2015-07-15T00:00:00",
"db": "BID",
"id": "75909"
},
{
"date": "2015-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003855"
},
{
"date": "2015-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-633"
},
{
"date": "2015-07-16T19:59:02.007000",
"db": "NVD",
"id": "CVE-2015-4275"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04959"
},
{
"date": "2017-09-22T00:00:00",
"db": "VULHUB",
"id": "VHN-82236"
},
{
"date": "2015-07-15T00:00:00",
"db": "BID",
"id": "75909"
},
{
"date": "2015-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003855"
},
{
"date": "2015-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-633"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-4275"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-633"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ASR 5000 Runs on device software Packet Data Network Gateway Service disruption in components (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003855"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-633"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…