VAR-201601-0491
Vulnerability from variot - Updated: 2025-04-13 23:35Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486. Vendors have confirmed this vulnerability Bug ID CSCuw83486 It is released as.Service disruption through crafted updates by third parties ( Device reload ) There is a possibility of being put into a state. Cisco IOSXR is a fully modular, distributed network operating system from Cisco's IOS software family. A security vulnerability exists in Cisco IOSXR that originated from the number of times the program did not correctly limit the PathComputationElements(PCEs)forOSPFLSAopaque domain update. Cisco IOS XR Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to restart the OSPF process, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuw83486. The following releases are affected: Cisco IOS XR Release 4.2.0, Release 4.3.0, Release 5.0.0, Release 5.1.0, Release 5.2.0, Release 5.2.2, Release 5.2.4, Release 5.3.0, Release 5.3. 2 versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0491",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios xr",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "4.3.0"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "4.2.0"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "5.0.0"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "5.1.0"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "5.2.0"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "5.2.2"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "5.2.4"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "5.3.0"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "5.3.2"
},
{
"model": "ios xr software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3.2"
},
{
"model": "ios xr software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "ios xr software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.4"
},
{
"model": "ios xr software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.2"
},
{
"model": "ios xr software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "ios xr software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "ios xr software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "ios xr software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.0"
},
{
"model": "ios xr software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00096"
},
{
"db": "BID",
"id": "79831"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006608"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-061"
},
{
"db": "NVD",
"id": "CVE-2015-6432"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ios_xr",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006608"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "79831"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6432",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6432",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-00096",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-84393",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-6432",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6432",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6432",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-00096",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-061",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84393",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00096"
},
{
"db": "VULHUB",
"id": "VHN-84393"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006608"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-061"
},
{
"db": "NVD",
"id": "CVE-2015-6432"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486. Vendors have confirmed this vulnerability Bug ID CSCuw83486 It is released as.Service disruption through crafted updates by third parties ( Device reload ) There is a possibility of being put into a state. Cisco IOSXR is a fully modular, distributed network operating system from Cisco\u0027s IOS software family. A security vulnerability exists in Cisco IOSXR that originated from the number of times the program did not correctly limit the PathComputationElements(PCEs)forOSPFLSAopaque domain update. Cisco IOS XR Software is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to restart the OSPF process, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCuw83486. The following releases are affected: Cisco IOS XR Release 4.2.0, Release 4.3.0, Release 5.0.0, Release 5.1.0, Release 5.2.0, Release 5.2.2, Release 5.2.4, Release 5.3.0, Release 5.3. 2 versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6432"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006608"
},
{
"db": "CNVD",
"id": "CNVD-2016-00096"
},
{
"db": "BID",
"id": "79831"
},
{
"db": "VULHUB",
"id": "VHN-84393"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6432",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1034570",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006608",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201601-061",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-00096",
"trust": 0.6
},
{
"db": "BID",
"id": "79831",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-84393",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00096"
},
{
"db": "VULHUB",
"id": "VHN-84393"
},
{
"db": "BID",
"id": "79831"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006608"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-061"
},
{
"db": "NVD",
"id": "CVE-2015-6432"
}
]
},
"id": "VAR-201601-0491",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00096"
},
{
"db": "VULHUB",
"id": "VHN-84393"
}
],
"trust": 1.24750776
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00096"
}
]
},
"last_update_date": "2025-04-13T23:35:05.618000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160104-iosxr",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160104-iosxr"
},
{
"title": "Patch for Cisco IOSXR Resource Management Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/69675"
},
{
"title": "Cisco IOS XR Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59457"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00096"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006608"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-061"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84393"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006608"
},
{
"db": "NVD",
"id": "CVE-2015-6432"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160104-iosxr"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034570"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6432"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6432"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00096"
},
{
"db": "VULHUB",
"id": "VHN-84393"
},
{
"db": "BID",
"id": "79831"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006608"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-061"
},
{
"db": "NVD",
"id": "CVE-2015-6432"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-00096"
},
{
"db": "VULHUB",
"id": "VHN-84393"
},
{
"db": "BID",
"id": "79831"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006608"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-061"
},
{
"db": "NVD",
"id": "CVE-2015-6432"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00096"
},
{
"date": "2016-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-84393"
},
{
"date": "2016-01-04T00:00:00",
"db": "BID",
"id": "79831"
},
{
"date": "2016-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006608"
},
{
"date": "2016-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-061"
},
{
"date": "2016-01-05T02:59:05.427000",
"db": "NVD",
"id": "CVE-2015-6432"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00096"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-84393"
},
{
"date": "2016-01-04T00:00:00",
"db": "BID",
"id": "79831"
},
{
"date": "2016-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006608"
},
{
"date": "2016-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-061"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6432"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-061"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS XR Resource Management Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00096"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-061"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-061"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…