cnvd - cnvd-2015-05037

cnvd-2015-05037

Vulnerability from cnvd

Title: Cisco ASR9k IOS XR Local Packet Transport Services拒绝服务漏洞

Description:

Cisco IOS是多数思科系统路由器和网络交换机上使用的互联网络操作系统。

Cisco ASR9k设备上的Cisco IOS XR中的Local Packet Transport Services(LPTS)网络栈中存在安全漏洞，远程攻击者可利用该漏洞造成拒绝服务（资源消耗）。

Severity: 中

Patch Name: Cisco ASR9k IOS XR Local Packet Transport Services拒绝服务漏洞的补丁

Patch Description:

Cisco IOS是多数思科系统路由器和网络交换机上使用的互联网络操作系统。Cisco ASR9k设备上的Cisco IOS XR中的Local Packet Transport Services(LPTS)网络栈中存在安全漏洞，远程攻击者可利用该漏洞造成拒绝服务（资源消耗）。目前，厂商已经发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：
https://tools.cisco.com/bugsearch/bug/CSCur88273

Reference: http://tools.cisco.com/security/center/viewAlert.x?alertId=40068

Impacted products

Name
['Cisco IOS XR Software 5.1.2', 'Cisco IOS XR Software 5.1.3', 'Cisco IOS XR Software 5.2.1', 'Cisco IOS XR Software 5.2.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "76002"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4285"
    }
  },
  "description": "Cisco IOS\u662f\u591a\u6570\u601d\u79d1\u7cfb\u7edf\u8def\u7531\u5668\u548c\u7f51\u7edc\u4ea4\u6362\u673a\u4e0a\u4f7f\u7528\u7684\u4e92\u8054\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco ASR9k\u8bbe\u5907\u4e0a\u7684Cisco IOS XR\u4e2d\u7684Local Packet Transport Services(LPTS)\u7f51\u7edc\u6808\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d44\u6e90\u6d88\u8017\uff09\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a    \r\nhttps://tools.cisco.com/bugsearch/bug/CSCur88273",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-05037",
  "openTime": "2015-07-30",
  "patchDescription": "Cisco IOS\u662f\u591a\u6570\u601d\u79d1\u7cfb\u7edf\u8def\u7531\u5668\u548c\u7f51\u7edc\u4ea4\u6362\u673a\u4e0a\u4f7f\u7528\u7684\u4e92\u8054\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002Cisco ASR9k\u8bbe\u5907\u4e0a\u7684Cisco IOS XR\u4e2d\u7684Local Packet Transport Services(LPTS)\u7f51\u7edc\u6808\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d44\u6e90\u6d88\u8017\uff09\u3002\u76ee\u524d\uff0c\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco ASR9k IOS XR Local Packet Transport Services\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS XR Software 5.1.2",
      "Cisco IOS XR Software 5.1.3",
      "Cisco IOS XR Software 5.2.1",
      "Cisco IOS XR Software 5.2.2"
    ]
  },
  "referenceLink": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40068",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-28",
  "title": "Cisco ASR9k IOS XR Local Packet Transport Services\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2015-4285 (GCVE-0-2015-4285)

Vulnerability from cvelistv5

Published

2015-07-23 14:00

Modified

2024-08-06 06:11

Severity ?

CWE

Summary

The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273.

References

▼	URL	Tags
	http://tools.cisco.com/security/center/viewAlert.x?alertId=40068	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id/1033043	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:11:12.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150722 Cisco IOS XR LPTS Network Stack Remote Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40068"
          },
          {
            "name": "1033043",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033043"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-08-14T16:57:05",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20150722 Cisco IOS XR LPTS Network Stack Remote Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40068"
        },
        {
          "name": "1033043",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033043"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4285",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150722 Cisco IOS XR LPTS Network Stack Remote Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40068"
            },
            {
              "name": "1033043",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033043"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-4285",
    "datePublished": "2015-07-23T14:00:00",
    "dateReserved": "2015-06-04T00:00:00",
    "dateUpdated": "2024-08-06T06:11:12.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted