CVE-2015-0744 - OpenCVE

Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657, and CSCus68315.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Headend Digital Broadband Delivery System Headend System Release Dta Control System

Configuration 1 [-]

OR	cpe:2.3:o:cisco:dta_control_system:4.0.0.9:::::::*
	cpe:2.3:o:cisco:headend_digital_broadband_delivery_system:-:::::::*
	cpe:2.3:o:cisco:headend_system_release:2.5:::::::*
	cpe:2.3:o:cisco:headend_system_release:2.7:::::::*
	cpe:2.3:o:cisco:headend_system_release:3.2:::::::*
	cpe:2.3:o:cisco:headend_system_release:3.5:::::::*
	cpe:2.3:o:cisco:headend_system_release:3.7:::::::*
	cpe:2.3:o:cisco:headend_system_release:i4.3:::::::*

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=38943	Vendor Advisory
http://www.securityfocus.com/bid/74916	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032445	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2015-05-30T14:00:00

Updated: 2016-12-29T18:57:01

Reserved: 2015-01-07T00:00:00

Link: CVE-2015-0744

JSON object: View

NVD Information

Status : Analyzed

Published: 2015-05-30T14:59:02.723

Modified: 2017-01-04T15:44:13.873

Link: CVE-2015-0744

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-05-29T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657, and CSCus68315."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "74916", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74916"}, {"name": "20150529 Multiple Cisco Products TCP Flood Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38943"}, {"name": "1032445", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032445"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0744", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657, and CSCus68315."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "74916", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74916"}, {"name": "20150529 Multiple Cisco Products TCP Flood Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38943"}, {"name": "1032445", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032445"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0744", "datePublished": "2015-05-30T14:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2016-12-29T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:dta_control_system:4.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2955F766-BF44-4F78-B9CD-489A49CB62D8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:headend_digital_broadband_delivery_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B751BEE-0C68-4C9C-A44E-E601A521F03C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:headend_system_release:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "350A824A-9C2F-4F04-9400-61009FD66D43", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:headend_system_release:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD5FFC2E-0590-4920-AC1B-C43D5680FFB3", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:headend_system_release:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CCC8CEC-B876-4148-B730-0981F1F33DC1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:headend_system_release:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "331F2CCD-A95F-483D-88DC-2859A2A42899", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:headend_system_release:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "D68602B8-20D1-424F-9FE2-EF0A0273363C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:headend_system_release:i4.3:*:*:*:*:*:*:*", "matchCriteriaId": "52026E53-68A0-4903-8671-9EAF4387024C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657, and CSCus68315."}, {"lang": "es", "value": "Cisco DTA Control System (DTACS) 4.0.0.9 y Cisco Headend System Release permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU y memoria e interrupci\u00f3n de servicio TCP) a trav\u00e9s de (1) una inundaci\u00f3n SYN o (2) otro tipo de inundaci\u00f3n de tr\u00e1fico TCP, tambi\u00e9n conocidos como Bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657 y CSCus68315."}], "id": "CVE-2015-0744", "lastModified": "2017-01-04T15:44:13.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-05-30T14:59:02.723", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38943"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74916"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032445"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}