Vulnerability Name: CVE-2015-0742 (CCN-103297) Assigned: 2015-05-20 Published: 2015-05-20 Updated: 2017-01-06 Summary: The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registration, which allows remote attackers to cause a denial of service (forwarding outage) via a crafted multicast packet, aka Bug ID CSCus74398. CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
Vulnerability Type: CWE-399 Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2015-0742 Cisco Adaptive Security Appliance Protocol Independent Multicast Registration Vulnerability 20150520 Cisco Adaptive Security Appliance Protocol Independent Multicast Registration Vulnerability 74750 Cisco Adaptive Security Appliance CVE-2015-0742 Denial of Service Vulnerability 1032381 cisco-asa-cve20150742-dos(103297) Vulnerable Configuration: Configuration 1 :cpe:/a:cisco:adaptive_security_appliance_software:9.2(0.0):*:*:*:*:*:*:* OR cpe:/a:cisco:adaptive_security_appliance_software:9.2(0.104):*:*:*:*:*:*:* OR cpe:/a:cisco:adaptive_security_appliance_software:9.2(3.1):*:*:*:*:*:*:* OR cpe:/a:cisco:adaptive_security_appliance_software:9.2(3.4):*:*:*:*:*:*:* OR cpe:/a:cisco:adaptive_security_appliance_software:9.3(1.105):*:*:*:*:*:*:* OR cpe:/a:cisco:adaptive_security_appliance_software:9.3(2.100):*:*:*:*:*:*:* OR cpe:/a:cisco:adaptive_security_appliance_software:9.4(0.115):*:*:*:*:*:*:* OR cpe:/a:cisco:adaptive_security_appliance_software:100.13(0.21):*:*:*:*:*:*:* OR cpe:/a:cisco:adaptive_security_appliance_software:100.13(20.3):*:*:*:*:*:*:* OR cpe:/a:cisco:adaptive_security_appliance_software:100.13(21.9):*:*:*:*:*:*:* OR cpe:/a:cisco:adaptive_security_appliance_software:100.14(1.1):*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:cisco:adaptive_security_appliance:-:*:*:*:*:*:*:* BACK
cisco adaptive security appliance software 9.2(0.0)
cisco adaptive security appliance software 9.2(0.104)
cisco adaptive security appliance software 9.2(3.1)
cisco adaptive security appliance software 9.2(3.4)
cisco adaptive security appliance software 9.3(1.105)
cisco adaptive security appliance software 9.3(2.100)
cisco adaptive security appliance software 9.4(0.115)
cisco adaptive security appliance software 100.13(0.21)
cisco adaptive security appliance software 100.13(20.3)
cisco adaptive security appliance software 100.13(21.9)
cisco adaptive security appliance software 100.14(1.1)
cisco adaptive security appliance -
Denotes that component is vulnerable