CVE-2015-4296

Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=40426	Vendor Advisory
http://www.securitytracker.com/id/1033264

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(1\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_3016:-:::::::*
	cpe:2.3:h:cisco:nexus_3048:-:::::::*
	cpe:2.3:h:cisco:nexus_3064:-:::::::*
	cpe:2.3:h:cisco:nexus_31128pq:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q:-:::::::*
	cpe:2.3:h:cisco:nexus_3164q:-:::::::*
	cpe:2.3:h:cisco:nexus_3172:-:::::::*
	cpe:2.3:h:cisco:nexus_3232c:-:::::::*
	cpe:2.3:h:cisco:nexus_3524:-:::::::*
	cpe:2.3:h:cisco:nexus_3548:-:::::::*

History

No history.

Information

Published : 2015-08-19 23:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-4296

Mitre link : CVE-2015-4296

CVE.ORG link : CVE-2015-4296

JSON object : View

Products Affected

cisco

nexus_3016
nexus_3548
nexus_3232c
nexus_3524
nexus_3132q
nexus_3048
nexus_3172
nx-os
nexus_3164q
nexus_3064
nexus_31128pq

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2015-4296", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-08-19T23:59:00.123", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40426", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1033264", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006."}, {"lang": "es", "value": "Vulnerabilidad en Nexus Data Broker (NDB) en dispositivos Cisco Nexus 3000 con software 6.0(2)A6(1), permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio del proceso de Java) a trav\u00e9s de conexiones manipuladas a la aplicaci\u00f3n de Java, tambi\u00e9n conocido como Bug ID CSCut87006."}], "lastModified": "2017-09-21T01:29:09.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73B9FE4E-0C82-4511-9A4A-DCBFEB93DE87"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "528ED62B-D739-4E06-AC64-B506FD73BBAB"}, {"criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D"}, {"criteria": "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "76C10D85-88AC-4A79-8866-BED88A0F8DF8"}, {"criteria": "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4226DA0-9371-401C-8247-E6E636A116C3"}, {"criteria": "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D3DBBFE9-835C-4411-8492-6006E74BAC65"}, {"criteria": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384"}, {"criteria": "cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7817F4E6-B2DA-4F06-95A4-AF329F594C02"}, {"criteria": "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "652A2849-668D-4156-88FB-C19844A59F33"}, {"criteria": "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EAF5AF71-15DF-4151-A1CF-E138A7103FC8"}, {"criteria": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "088C0323-683A-44F5-8D42-FF6EC85D080E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}