CVE-2015-0618Improper Input Validation in Cisco Carrier Routing System

CWE-19CWE-20Improper Input Validation4 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.6%
top 31.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Carrier Routing SystemCisco IOS XR
Timeline
PublishedFeb 21
Latest updateMay 17

Description

Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with extension headers, aka Bug ID CSCuq95241.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

NVDcisco/carrier_routing_system5.1.3, 5.1.4+1
NVDcisco/ios_xr5.0.1, 5.2.1+1

🔴Vulnerability Details

2
GHSA
GHSA-3prq-m3r6-7fw4: Cisco IOS XR 52022-05-17
CVEList
CVE-2015-0618: Cisco IOS XR 52015-02-21

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability2015-02-20
CVE-2015-0618 — Improper Input Validation in Cisco | cvebase