CVE-2015-0639 โ€” Improper Input Validation in Cisco IOS XE

CWE-20 โ€” Improper Input ValidationCWE-3994 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedMar 26
Latest updateMay 17

Description

The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S, when MMON or NBAR is enabled, allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets with IPv4 UDP encapsulation, aka Bug ID CSCua79665.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

โ–ถNVDcisco/ios_xe11 versions+10

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-5f9h-8xg4-pgmx: The Common Flow Table (CFT) feature in Cisco IOS XE 3โ†—2022-05-17
โ–ถ
CVEList
CVE-2015-0639: The Common Flow Table (CFT) feature in Cisco IOS XE 3โ†—2015-03-26
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routersโ†—2015-03-25
โ–ถ
CVE-2015-0639 โ€” Improper Input Validation in Cisco | cvebase