CVE-2015-0694 - Vulnerability Details

Vendors	Products
Cisco	Asr 9001 Asr 9006 Asr 9010 Asr 9904 Asr 9912 Asr 9922 Ios Xr

Link	Providers
http://tools.cisco.com/security/center/viewAlert.x?alertId=38292
http://www.securitytracker.com/id/1032059

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-09T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-04-16T17:57:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20150409 Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292"}, {"name": "1032059", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032059"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0694", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20150409 Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292"}, {"name": "1032059", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032059"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:17:32.821Z"}, "title": "CVE Program Container", "references": [{"name": "20150409 Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292"}, {"name": "1032059", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032059"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0694", "datePublished": "2015-04-11T01:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:17:32.821Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-04-09T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2015-04-16T17:57:00 (string)

orgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

shortName : cisco (string)

}

references : [ »

0 : { »

name : 20150409 Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CISCO (string)

]

url : http://tools.cisco.com/security/center/viewAlert.x?alertId=38292 (string)

}

1 : { »

name : 1032059 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1032059 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@cisco.com (string)

ID : CVE-2015-0694 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 20150409 Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability (string)

refsource : CISCO (string)

url : http://tools.cisco.com/security/center/viewAlert.x?alertId=38292 (string)

}

1 : { »

name : 1032059 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1032059 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T04:17:32.821Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 20150409 Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CISCO (string)

2 : x_transferred (string)

]

url : http://tools.cisco.com/security/center/viewAlert.x?alertId=38292 (string)

}

1 : { »

name : 1032059 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1032059 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

assignerShortName : cisco (string)

cveId : CVE-2015-0694 (string)

datePublished : 2015-04-11T01:00:00 (string)

dateReserved : 2015-01-07T00:00:00 (string)

dateUpdated : 2024-08-06T04:17:32.821Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:5.3.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "74783CCE-2295-4FFE-9978-0E7751099D27", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*", "matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*", "matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*", "matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*", "matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*", "matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806."}, {"lang": "es", "value": "Los dispositivos Cisco ASR 9000 con software 5.3.0.BASE no reconocen que ciertas entradas ACL tienen una limitaci\u00f3n de un anfitri\u00f3n \u00fanico, lo que permite a atacantes remotos evadir las restricciones de acceso de los recursos de la red mediante el uso de una direcci\u00f3n que se supon\u00eda que no se permit\u00eda, tambi\u00e9n conocido como Bug ID CSCur28806."}], "id": "CVE-2015-0694", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-04-11T01:59:03.803", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1032059"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032059"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:cisco:ios_xr:5.3.0_base:*:*:*:*:*:*:* (string)

matchCriteriaId : 74783CCE-2295-4FFE-9978-0E7751099D27 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 324C97E6-1810-404F-9F45-6240F99FF039 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 57EB55BB-41B7-40A1-B6F5-142FE8AB4C16 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 433F4A82-04A4-4EAA-8C19-F7581DCD8D29 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A93212A4-50AB-42E7-89A4-5FBBAEA050C3 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 5445CC54-ACFB-4070-AF26-F91FEAA85181 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806. (string)

}

1 : { »

lang : es (string)

value : Los dispositivos Cisco ASR 9000 con software 5.3.0.BASE no reconocen que ciertas entradas ACL tienen una limitación de un anfitrión único, lo que permite a atacantes remotos evadir las restricciones de acceso de los recursos de la red mediante el uso de una dirección que se suponía que no se permitía, también conocido como Bug ID CSCur28806. (string)

}

]

id : CVE-2015-0694 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2015-04-11T01:59:03.803 (string)

references : [ »

0 : { »

source : psirt@cisco.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://tools.cisco.com/security/center/viewAlert.x?alertId=38292 (string)

}

1 : { »

source : psirt@cisco.com (string)

url : http://www.securitytracker.com/id/1032059 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://tools.cisco.com/security/center/viewAlert.x?alertId=38292 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1032059 (string)

}

]

sourceIdentifier : psirt@cisco.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-284 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object