Lucene search
Copyright (C) 2015 Greenbone AGOPENVAS:1361412562310105343HistorySep 01, 2015 - 12:00 a.m.
Cisco ASR 1000 Series Aggregation Services Routers Data-Plane Processing Denial of Service Vulnerability
2015-09-0100:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
9
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.9
Confidence
High
EPSS
0.002
Percentile
56.0%
Cisco ASR 1000 Series Aggregation Services Routers contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition.
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/h:cisco:asr_1000";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.105343");
script_cve_id("CVE-2015-6274");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_version("2023-07-25T05:05:58+0000");
script_name("Cisco ASR 1000 Series Aggregation Services Routers Data-Plane Processing Denial of Service Vulnerability");
script_xref(name:"URL", value:"http://tools.cisco.com/security/center/viewAlert.x?alertId=40708");
script_xref(name:"URL", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuv71273");
script_tag(name:"impact", value:"Attackers can exploit this issue to cause a denial-of-service.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The vulnerability is due to the processing of excessive number of IPv4 packets that require fragmentation and reassembly. An
attacker could exploit this vulnerability by sending an excessive number of fragmented packets, causing high Cisco QuantumFlow Processor (QFP) CPU utilization in
the Embedded Services Processor (ESP).");
script_tag(name:"solution", value:"Please see the vendor advisory for more information and released fixes.");
script_tag(name:"summary", value:"Cisco ASR 1000 Series Aggregation Services Routers contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition.");
script_tag(name:"affected", value:"Cisco ASR 1000 Series 15.5 Base, (3)S");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"last_modification", value:"2023-07-25 05:05:58 +0000 (Tue, 25 Jul 2023)");
script_tag(name:"creation_date", value:"2015-09-01 16:17:02 +0200 (Tue, 01 Sep 2015)");
script_category(ACT_GATHER_INFO);
script_family("CISCO");
script_copyright("Copyright (C) 2015 Greenbone AG");
script_dependencies("gb_cisco_asr_1000_detect.nasl");
script_mandatory_keys("cisco_asr_1000/installed");
exit(0);
}
include("host_details.inc");
if( ! vers = get_app_version( cpe:CPE ) ) exit( 0 );
if( vers == "15.5(3)S" )
{
report = 'Installed version: ' + vers + '\n' +
'Fixed version: See vendor advisory';
security_message( port:0, data:report );
exit( 0 );
}
exit( 99 );
Related
prion
prion
Code injection
2015-09-02 16:59:00
cvelist
cvelist
CVE-2015-6274
2015-09-02 16:00:00
cisco
cisco
cve
cve
CVE-2015-6274
2015-09-02 16:59:02
nvd
nvd
CVE-2015-6274
2015-09-02 16:59:02
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.9
Confidence
High
EPSS
0.002
Percentile
56.0%
Related for OPENVAS:1361412562310105343