CVE-2015-4204 - OpenCVE

Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:S/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Cisco Ios Ubr10000 Cable Modem Termination System

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:cisco_ios:12.2:::::::*
	cpe:2.3:o:cisco:cisco_ios:12.2\(33\):::::::*

cpe:2.3:h:cisco:ubr10000_cable_modem_termination_system:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/viewAlert.x?alertId=39440
http://www.securityfocus.com/bid/75337
http://www.securitytracker.com/id/1032692

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2015-06-23T10:00:00

Updated: 2024-08-06T06:04:03.096Z

Reserved: 2015-06-04T00:00:00

Link: CVE-2015-4204

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2015-06-23T12:59:01.367

Modified: 2016-12-28T18:01:50.170

Link: CVE-2015-4204

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-22T00:00:00", "descriptions": [{"lang": "en", "value": "Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-23T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1032692", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032692"}, {"name": "20150622 Cisco IOS Software UBR Devices SNMP Subsystem Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39440"}, {"name": "75337", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75337"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-4204", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1032692", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032692"}, {"name": "20150622 Cisco IOS Software UBR Devices SNMP Subsystem Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39440"}, {"name": "75337", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75337"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:04:03.096Z"}, "title": "CVE Program Container", "references": [{"name": "1032692", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032692"}, {"name": "20150622 Cisco IOS Software UBR Devices SNMP Subsystem Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39440"}, {"name": "75337", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75337"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-4204", "datePublished": "2015-06-23T10:00:00", "dateReserved": "2015-06-04T00:00:00", "dateUpdated": "2024-08-06T06:04:03.096Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA07E584-C010-485F-8BE3-A46DA40B997E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2\\(33\\):*:*:*:*:*:*:*", "matchCriteriaId": "1AF0844A-5298-4470-80B8-0B82E67A359A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ubr10000_cable_modem_termination_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC98615A-29AC-454E-B4D9-222E8E85AD31", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051."}, {"lang": "es", "value": "Fuga de memoria en Cisco IOS 12.2 en el m\u00f3dulo Performance Routing Engine (PRE) en los dispositivos uBR10000 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de memoria o ca\u00edda del proceso PXF) mediante el env\u00edo r\u00e1pido de solicitudes de SNMP docsIfMCmtsMib, tambi\u00e9n conocida como Bug ID CSCue65051."}], "id": "CVE-2015-4204", "lastModified": "2016-12-28T18:01:50.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-06-23T12:59:01.367", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39440"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/75337"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032692"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}