CVE-2015-0694 - Vulnerability Details - OpenCVE

Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00365.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Asr 9001 Asr 9006 Asr 9010 Asr 9904 Asr 9912 Asr 9922 Ios Xr

Configuration 1 [-]

AND

cpe:2.3:o:cisco:ios_xr:5.3.0_base:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:asr_9001:-:::::::*
	cpe:2.3:h:cisco:asr_9006:-:::::::*
	cpe:2.3:h:cisco:asr_9010:-:::::::*
	cpe:2.3:h:cisco:asr_9904:-:::::::*
	cpe:2.3:h:cisco:asr_9912:-:::::::*
	cpe:2.3:h:cisco:asr_9922:-:::::::*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://tools.cisco.com/security/center/viewAlert.x?alertId=38292
http://www.securitytracker.com/id/1032059

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2015-04-11T01:00:00

Updated: 2024-08-06T04:17:32.821Z

Reserved: 2015-01-07T00:00:00

Link: CVE-2015-0694

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-04-11T01:59:03.803

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-0694

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-09T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-04-16T17:57:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20150409 Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292"}, {"name": "1032059", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032059"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0694", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20150409 Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292"}, {"name": "1032059", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032059"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:17:32.821Z"}, "title": "CVE Program Container", "references": [{"name": "20150409 Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292"}, {"name": "1032059", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032059"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0694", "datePublished": "2015-04-11T01:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:17:32.821Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:5.3.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "74783CCE-2295-4FFE-9978-0E7751099D27", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*", "matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*", "matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*", "matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*", "matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*", "matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806."}, {"lang": "es", "value": "Los dispositivos Cisco ASR 9000 con software 5.3.0.BASE no reconocen que ciertas entradas ACL tienen una limitaci\u00f3n de un anfitri\u00f3n \u00fanico, lo que permite a atacantes remotos evadir las restricciones de acceso de los recursos de la red mediante el uso de una direcci\u00f3n que se supon\u00eda que no se permit\u00eda, tambi\u00e9n conocido como Bug ID CSCur28806."}], "id": "CVE-2015-0694", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-04-11T01:59:03.803", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1032059"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032059"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}