fkie_nvd - fkie_cve-2015-4277

fkie_cve-2015-4277

Vulnerability from fkie_nvd

Published

2015-08-19 18:59

Modified

2025-04-12 10:46

Severity ?

Summary

The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory consumption, and device hang) via unspecified vectors, aka Bug ID CSCut93842.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=39939	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1033259
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=39939	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033259

Impacted products

Vendor	Product	Version
cisco	nx-os	5.1.3
cisco	nx-os	5.3.0
cisco	nexus_93120tx	-
cisco	nexus_93128tx	-
cisco	nexus_9332pq	-
cisco	nexus_9336pq_aci_spine	-
cisco	nexus_9372px	-
cisco	nexus_9372tx	-
cisco	nexus_9396px	-
cisco	nexus_9396tx	-
cisco	nexus_9504	-
cisco	nexus_9508	-
cisco	nexus_9516	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "331D99AC-6464-43C8-BBB7-2C04CCF4733A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "940BAF6A-B62F-4C63-9756-6882678EA0E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07DE6F63-2C7D-415B-8C34-01EC05C062F3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F423E45D-A6DD-4305-9C6A-EAB26293E53A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "113772B6-E9D2-4094-9468-3F4E1A87D07D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "785FD17C-F32E-4042-9DDE-A89B3AAE0334",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4364ADB9-8162-451D-806A-B98924E6B2CF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E0371B-FDE2-473C-AA59-47E1269D050F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC5293E-F2B4-46DC-85DA-167EA323FCFD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA022E77-6557-4A33-9A3A-D028E2DB669A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory consumption, and device hang) via unspecified vectors, aka Bug ID CSCut93842."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en la implementaci\u00f3n de la configuraci\u00f3n global en los dispositivos Cisco ASR 9000 con versiones de software 5.1.3 y 5.3.0, causa un cierre de las sesiones vty despu\u00e9s de una operaci\u00f3n commit/end, lo cual permite a usuarios locales causar una denegaci\u00f3n de servicio (creaci\u00f3n de archivo tmp/*config, consumo de memoria y ca\u00edda del dispositivo) a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCut93842."
    }
  ],
  "id": "CVE-2015-4277",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-19T18:59:00.123",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39939"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1033259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033259"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2015-4277 (GCVE-0-2015-4277)

Vulnerability from cvelistv5

Published

2015-08-19 18:00