CVE-2015-4243 - OpenCVE

The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug ID CSCty94202.

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Asr 1001-x Asr 1002-x Asr 1002 Asr 1006 Asr 1001 Asr 1013 Ios Xe Asr 1004

Configuration 1 [-]

AND

cpe:2.3:o:cisco:ios_xe:3.5.0s:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:asr_1001:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1013:-:::::::*

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=39675	Vendor Advisory
http://www.securitytracker.com/id/1032805	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2015-07-08T14:00:00

Updated: 2016-12-23T18:57:01

Reserved: 2015-06-04T00:00:00

Link: CVE-2015-4243

JSON object: View

NVD Information

Status : Analyzed

Published: 2015-07-08T14:59:03.817

Modified: 2016-12-29T13:33:53.227

Link: CVE-2015-4243

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-07T00:00:00", "descriptions": [{"lang": "en", "value": "The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug ID CSCty94202."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-23T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1032805", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032805"}, {"name": "20150707 Cisco IOS XE for Cisco 1000 Series ASR Routers Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39675"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-4243", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug ID CSCty94202."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1032805", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032805"}, {"name": "20150707 Cisco IOS XE for Cisco 1000 Series ASR Routers Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39675"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-4243", "datePublished": "2015-07-08T14:00:00", "dateReserved": "2015-06-04T00:00:00", "dateUpdated": "2016-12-23T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:3.5.0s:*:*:*:*:*:*:*", "matchCriteriaId": "5872A42F-745E-4EC6-8679-C28F79F6621C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr_1001:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED7C321E-F083-4AB6-96A0-D6358980441E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "09C913FF-63D5-43FB-8B39-598EF436BA5A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_1002:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4376E56-A21C-4642-A85D-439C8E21CD7F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "444F688F-79D0-4F22-B530-7BD520080B8F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_1004:-:*:*:*:*:*:*:*", "matchCriteriaId": "55DD2272-10C2-43B9-9F13-6DC41DBE179B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_1006:-:*:*:*:*:*:*:*", "matchCriteriaId": "7428E0A8-1641-47FB-9CA9-34311DEF660D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_1013:-:*:*:*:*:*:*:*", "matchCriteriaId": "854D9594-FE84-4E7B-BA21-A3287F2DC302", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug ID CSCty94202."}, {"lang": "es", "value": "La implementaci\u00f3n de establecimiento PPPoE en Cisco IOS XE 3.5.0S en los dispositivos ASR 1000 permite a atacantes causar una denegaci\u00f3n de servicio (recarga de dispositivo) mediante el env\u00edo de paquetes PPPoE Active Discovery Request (PADR) malformados en la red local, tambi\u00e9n conocido como Bug ID CSCty94202."}], "id": "CVE-2015-4243", "lastModified": "2016-12-29T13:33:53.227", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-07-08T14:59:03.817", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39675"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032805"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}